8 matches found
EUVD-2022-35813
Malicious code in bioql PyPI...
CVE-2024-23288
CVE-2024-23288 affects Apple platforms and is fixed by removing the vulnerable code in tvOS 17.4, iOS 17.4 / iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4. The issue could allow an app to elevate privileges. The connected documents confirm the remediation versions and the privilege-elevation i...
Spoofing
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert CAE Versions prior to 2.2...
CVE-2022-32747
CVE-2022-32747 affects Schneider Electric’s EcoStruxure Cybersecurity Admin Expert (CAE) prior to 2.2. The issue is a CWE-290 authentication bypass by spoofing a device on the local network, which could cause legitimate users to be locked out or enable backdoor account creation. Root cause: spoof...
Schneider Electric Modicon Controllers and Software (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products. Vulnerabilities:...
Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability
Summary: An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated use...
Spoofing
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller...
CVE-2018-7842
The CVE-2018-7842 issue affects Schneider Electric Modicon M580, M340, Quantum, and Premium PLCs. Root cause: CWE-290 Authentication Bypass by Spoofing enabling brute-forcing of Modbus parameters to gain elevated privileges. Impact: elevation of privilege and potential unauthorized control of dev...