Lucene search
K

115 matches found

Prion
Prion
added 2022/01/11 12:15 p.m.17 views

Hardcoded credentials

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

8.5CVSS8.5AI score0.00906EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2022/01/11 11:27 a.m.75 views

CVE-2021-45033

CVE-2021-45033 affects Siemens SICAM A8000 family: CP-8000 MASTER MODULE WITH I/O -25/+70°C (all versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (all versions < V16.20), CP-8021 MASTER MODULE (all versions < V16.20), and CP-8022 MASTER MODULE WITH GPRS (all versions

8.8CVSS8.4AI score0.00906EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/11 11:27 a.m.36 views

CVE-2021-45033

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...

8.6AI score0.00906EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.3 views

Siemens SICAM A8000 CP-8000 信任管理问题漏洞

The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...

8.8CVSS5.7AI score0.00906EPSS
Exploits0References4
ICS
ICS
added 2022/01/11 12:0 a.m.54 views

Siemens SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user...

8.8CVSS8.5AI score0.02307EPSS
Exploits2References11
Prion
Prion
added 2021/05/28 11:15 a.m.15 views

Design/Logic Flaw

An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

6.8CVSS8.6AI score0.01588EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/05/20 2:15 p.m.11 views

CVE-2021-28112

Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...

8.8CVSS0.01878EPSS
Exploits0References2
Prion
Prion
added 2021/05/20 2:15 p.m.17 views

Remote code execution

Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...

6.5CVSS8.9AI score0.01878EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/20 1:32 p.m.60 views

CVE-2021-28112

Vulnerability: Draeger X-Dock Firmware prior to 03.00.13 contains Active Debug Code on a debug port, enabling remote code execution by an authenticated attacker. Affected product: Draeger X-Dock Firmware (pre-03.00.13). Root cause: presence of debug code on a reachable port. Impact: remote code e...

8.8CVSS8.9AI score0.01878EPSS
Exploits0References2Affected Software1
Gitee
Gitee
added 2020/09/28 2:31 p.m.5 views

maobugs

maobugs 喵喵喵 1.samples-web-1.2.4.war 为 shiro =1.2.4 硬编码漏洞的war包。说实在这个war真的是难打... 2.jdwp-shellifier-master.zip 自己调试的话使用 java -Xdebug -Xrunjdwp:transport=dtsocket,server=y,suspend=n,address=5005 -jar spring-boot-h2-0.0.1-SNAPSHOT.jar 打开jdwp端口 jdwp 端口开启了的话就能被rce ,详情解压文件readme。 这里并不是无条件rce。...

7.1AI score
Exploits0
NVD
NVD
added 2020/08/26 4:15 p.m.11 views

CVE-2020-15483

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...

7.2CVSS6.5AI score0.00424EPSS
Exploits1References2
Prion
Prion
added 2020/08/26 4:15 p.m.17 views

Default credentials

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...

7.2CVSS6.5AI score0.00424EPSS
Exploits1References2
CVE
CVE
added 2020/08/26 3:37 p.m.54 views

CVE-2020-15483

CVE-2020-15483 affects Nescomed Multipara Monitor M1000 devices. The issue is a passwordless, full-access shell via the physical UART debug port, granting local/physical access with high impact on confidentiality, integrity, and availability. Public documentation in NVD/Red Hat confirms the UART ...

7.2CVSS6.5AI score0.00424EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/26 3:37 p.m.20 views

CVE-2020-15483

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...

6.5AI score0.00424EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/08/26 12:0 a.m.5 views

PT-2020-14450 · Nescomed · Nescomed Multipara Monitor M1000

Name of the Vulnerable Software and Affected Versions: Nescomed Multipara Monitor M1000 devices affected versions not specified Description: An issue was discovered where the physical UART debug port on the devices provides a shell without requiring a password, giving complete access...

7.2CVSS6.5AI score0.00424EPSS
Exploits1References3
CNVD
CNVD
added 2020/08/04 12:0 a.m.4 views

Schneider Electric Tricon TCM Model Information Disclosure Vulnerability

Schneider Electric Tricon TCM Model 4351 and others are a communication module from Schneider Electric, France. An information disclosure vulnerability exists in the Schneider Electric Tricon TCM Model that stems from an older version of the program's debug port account being visible on the...

7.5CVSS6.5AI score0.01308EPSS
Exploits0References1
NVD
NVD
added 2020/07/23 9:15 p.m.18 views

CVE-2020-7491

VERSION NOT SUPPORTED WHEN ASSIGNED A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...

7.5CVSS8AI score0.01308EPSS
Exploits0References2
OSV
OSV
added 2020/07/23 9:15 p.m.5 views

CVE-2020-7491

VERSION NOT SUPPORTED WHEN ASSIGNED A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...

7.5CVSS7.2AI score0.01308EPSS
Exploits0References2
Prion
Prion
added 2020/07/23 9:15 p.m.19 views

Design/Logic Flaw

VERSION NOT SUPPORTED WHEN ASSIGNED A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...

5CVSS7.9AI score0.01308EPSS
Exploits0References2Affected Software7
CVE
CVE
added 2020/07/23 8:46 p.m.54 views

CVE-2020-7491

CVE-2020-7491 is an improper access control flaw in Schneider Electric Triconex legacy equipment. A legacy debug port account in Tricon system TCMs (Models 4351/4352, 4351A/B, 4352A/B) installed in Tricon v10.0–10.5.3 is visible on the network, potentially allowing inappropriate access. This vuln...

7.5CVSS7.5AI score0.01308EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder