21 matches found
CVE-2023-41921 Download of Code Without Integrity Check in Kiloview P1/P2 devices
A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...
Schneider Electric PowerLogic ION8650, ION8800 Download of Code Without Integrity Check (CVE-2023-5984)
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. This plugin only works with Tenable.ot. Please visit...
Design/Logic Flaw
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC...
CVE-2023-5592 Phoenix Contact: ProConOs prone to Download of Code Without Integrity Check
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR SDK allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity...
CVE-2023-5630
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware...
Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1845 Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability December 5, 2023 CVE Number CVE-2023-43608 SUMMARY A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...
CVE-2023-5984
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device...
CVE-2023-5984
Affected products: Schneider Electric PowerLogic ION8650 and ION8800. Vulnerability: CWE-494 Download of Code Without Integrity Check allows a modified firmware to be uploaded during a firmware update initiated by an authorized admin. Impact: could result in full control over the device due to un...
Code injection
Synel Terminals - CWE-494: Download of Code Without Integrity Check...
CVE-2023-37220
CVE-2023-37220 affects Synel Terminals, with the issue described as CWE-494: Download of Code Without Integrity Check. Public sources consistently state that vulnerable software is Synel Terminals, and the root cause is downloading code from a remote location without integrity verification, poten...
CVE-2023-37220 Synel Terminals - CWE-494: Download of Code Without Integrity Check
Synel Terminals - CWE-494: Download of Code Without Integrity Check...
CVE-2023-22635
A download of code without Integrity check vulnerability CWE-494 in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate...
CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures
While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...
Swisslog Healthcare Translogic PTS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Swisslog Healthcare Equipment: Translogic PTS Pneumatic Tube Systems Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Improper Authentication, Download of Code without...
CVE-2020-28213
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...
CVE-2020-7505
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system...
Design/Logic Flaw
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system...
Philips IntelliVue WLAN
1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Philips Equipment: IntelliVue M3002A X2 MMS Transport Monitor/Module and IntelliVue MP monitors MP2/X2, MP5, MP20-MP90, MX600, MX700 and MX800 Vulnerabilities: Use of Hard-coded Password, Download of Code Without Integrity Check 2. RISK EVALUATION...
GHSA-JWQM-C9F2-2CQ3 Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...