16 matches found
EUVD-2018-7677
Malware in sbrugna...
CVE-2018-15820
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter...
CVE-2018-15820
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter...
CVE-2018-15819
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js...
Design/Logic Flaw
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js...
Design/Logic Flaw
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter...
CVE-2018-15820
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter...
CVE-2018-15819
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js...
CVE-2018-15819
CVE-2018-15819 affects EasyIO-30P controllers (versions before 2.0.5.27). The vulnerability arises from Incorrect Access Control in the web interface (webuser.js), enabling authentication bypass. Connected sources also note associated cross‑site scripting issues (CVE-2018-15820) and remote exploi...
EasyIO 30P Controller Detection (HTTP)
HTTP based detection of EasyIO 30P controllers. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities
EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities. EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CV...
EasyIO 30P Authentication Bypass / Cross Site Scripting
INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CVE IDs: CVE-2018-15820 Stored XSS and CVE-2018-15819 Authentication bypass Remote-exploit: yes TIMELINE Vendor notification: 3rd August, 2018 Vendor acknowledgment: 22nd August, 2018 Patc...
EasyIO EasyIO-30P-SF Controller Hardcoding Vulnerability
The EasyIO EasyIO-30P-SF is a 32-bit controller for DDC Direct Digital Control systems. The EasyIO EasyIO-30P-SF controller uses hard-coded passwords that allow remote attackers to exploit vulnerabilities for unauthorized access...
CVE-2015-3974
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...
Hardcoded credentials
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...
EasyIO-30P-SF Hard-Coded Credential Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified a hard-coded credential vulnerability in the EasyIO-30P-SF controller. EasyIO has produced a...