24 matches found
EUVD-2022-34378
Malicious code in bioql PyPI...
EUVD-2022-34394
Malicious code in bioql PyPI...
CVE-2022-2106
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2088
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
CVE-2022-2140
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to the lack of measures to sanitize input data. This allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks XSS...
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to inadequate access control mechanisms. This allows a malicious individual to complete any process within the system.
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to complete any process within the system remotely...
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to errors in processing the relative path to the catalog. This vulnerability allows a perpetrator to disclose protected information and replace arbitrary files.
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information and replace arbitrary files...
CVE-2022-2088
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
CVE-2022-2140
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2088
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
Design/Logic Flaw
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
Authentication flaw
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
Path traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106
Elcomplus SmartICS Web HMI v2.3.4.0 exposes a relative path traversal due to insufficient filename validation. An authenticated administrator can specify arbitrary files, enabling potential exposure of sensitive data. Mitigation: upgrade to SmartICS 2.4 (patch released) and apply network/access c...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2088
CVE-2022-2088 affects Elcomplus SmartICS v2.3.4.0. The root cause is an improper access control vulnerability that allows an authenticated user with admin privileges to terminate any process on the system running SmartICS. This is documented in multiple sources including the CISA ICS advisory (IC...