83 matches found

Prion
added 2022/06/27 5:15 p.m. · 20 views

Authentication flaw

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...

CVSS 6 · AI score 9.1 · EPSS 0.00765
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/06/27 5:15 p.m. · 17 views

Design/Logic Flaw

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...

CVSS 6.8 · AI score 5.9 · EPSS 0.00741
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/06/27 5:15 p.m. · 18 views

Path traversal

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...

CVSS 4 · AI score 5 · EPSS 0.00587
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/06/27 4:15 p.m. · 34 views

CVE-2022-2106 Elcomplus SmartICS Path Traversal

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...

CVSS 3.8 · AI score 4.7 · EPSS 0.00587
Exploits 0 · References 1
Vulnrichment
added 2022/06/27 4:15 p.m. · 8 views

CVE-2022-2106 Elcomplus SmartICS Path Traversal

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...

CVSS 3.8 · AI score 6.8 · EPSS 0.00587
Exploits 0 · References 1
CVE
added 2022/06/27 4:15 p.m. · 64 views

CVE-2022-2106

Elcomplus SmartICS Web HMI v2.3.4.0 exposes a relative path traversal due to insufficient filename validation. An authenticated administrator can specify arbitrary files, enabling potential exposure of sensitive data. Mitigation: upgrade to SmartICS 2.4 (patch released) and apply network/access c...

CVSS 4 · AI score 4.3 · EPSS 0.00587
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/06/27 4:14 p.m. · 8 views

CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...

CVSS 8.8 · AI score 9.1 · EPSS 0.00765
Exploits 0 · References 1
CVE
added 2022/06/27 4:14 p.m. · 49 views

CVE-2022-2140

CVE-2022-2140 affects Elcomplus SmartICS Web-based HMI (v2.3.4.0). The vulnerability arises because input is not neutralized, enabling an authenticated user to inject arbitrary code into specific parameters. CVSSv3.1 base score in advisories is 8.8 (HIGH) with NETWORK attack vector, LOW complexit...

CVSS 9 · AI score 9.1 · EPSS 0.00765
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/06/27 4:14 p.m. · 25 views

CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...

CVSS 8.8 · AI score 9.2 · EPSS 0.00765
Exploits 0 · References 1
Cvelist
added 2022/06/27 4:14 p.m. · 24 views

CVE-2022-2088 Elcomplus SmartICS Access Control

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...

CVSS 6.8 · AI score 6.7 · EPSS 0.00741
Exploits 0 · References 1
CVE
added 2022/06/27 4:14 p.m. · 64 views

CVE-2022-2088

CVE-2022-2088 affects Elcomplus SmartICS v2.3.4.0. The root cause is an improper access control vulnerability that allows an authenticated user with admin privileges to terminate any process on the system running SmartICS. This is documented in multiple sources including the CISA ICS advisory (IC...

CVSS 6.8 · AI score 5.4 · EPSS 0.00741
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/06/27 4:14 p.m. · 6 views

CVE-2022-2088 Elcomplus SmartICS Access Control

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...

CVSS 6.8 · AI score 6.6 · EPSS 0.00741
Exploits 0 · References 1
CNVD
added 2022/06/27 12:0 a.m. · 19 views

Elcomplus LLC SmartICS Path Traversal Vulnerability

Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A path traversal vulnerability exists in Elcomplus LLC SmartICS, which stems from inadequate validation of file names. An attacker could exploit this vulnerability to perform a pa...

CVSS 4 · AI score 4.2 · EPSS 0.00587
Exploits 0 · References 1
CNVD
added 2022/06/27 12:0 a.m. · 21 views

Elcomplus LLC SmartICS Access Control Error Vulnerability

Elcomplus LLC SmartICS is a builder for top-level visualization of industrial automation systems from Elcomplus LLC. An access control error vulnerability exists in Elcomplus LLC SmartICS version 2.3.4.0. An authenticated attacker with administrator privileges can exploit this vulnerability to be...

CVSS 6.8 · AI score 3.9 · EPSS 0.00741
Exploits 0 · References 1
CNVD
added 2022/06/27 12:0 a.m. · 17 views

Elcomplus LLC SmartICS Cross-Site Scripting Vulnerability

Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A cross-site scripting vulnerability exists in Elcomplus LLC SmartICS. The vulnerability stems from a failure to neutralize user-controllable input and can be exploited by an...

CVSS 9 · AI score 4 · EPSS 0.00765
Exploits 0 · References 1
CNNVD
added 2022/06/23 12:0 a.m. · 2 views

Elcomplus LLC SmartICS Path Traversal Vulnerability

Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A path traversal vulnerability exists in Elcomplus LLC SmartICS, which stems from inadequate validation of file names. An attacker could exploit this vulnerability to perform a pa...

CVSS 4 · AI score 5.6 · EPSS 0.00587
Exploits 0 · References 4
Positive Technologies
added 2022/06/23 12:0 a.m. · 5 views

PT-2022-3470 · Elcomplus · Elcomplus Smartics

Name of the Vulnerable Software and Affected Versions: Elcomplus SmartICS version 2.3.4.0 Description: The issue is related to inadequate access control in the Elcomplus SmartICS platform, which can be exploited by a remote attacker to terminate any process in the system. An authenticated user wi...

CVSS 6.8 · AI score 5.1 · EPSS 0.00741
Exploits 0 · References 5
Positive Technologies
added 2022/06/23 12:0 a.m. · 5 views

PT-2022-3471 · Elcomplus · Elcomplus Smartics

Name of the Vulnerable Software and Affected Versions: Elcomplus SmartICS version 2.3.4.0 Description: The issue is related to insufficient filename validation, which allows authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. This can be exploite...

CVSS 5.5 · AI score 3.9 · EPSS 0.00587
Exploits 0 · References 6
ICS
added 2022/06/23 12:0 a.m. · 80 views

Elcomplus SmartICS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus LLC Equipment: SmartICS Vulnerabilities: Improper Access Control, Relative Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

CVSS 9 · AI score 6.3 · EPSS 0.00765
Exploits 0 · References 4
OSV
added 2022/04/29 4:15 p.m. · 4 views

CVE-2021-43938

Elcomplus SmartPTT SCADA Server allows an unauthenticated user to request various files from the server without any authentication or authorization...

CVSS 9.8 · AI score 7.3 · EPSS 0.01028
Exploits 0 · References 1