83 matches found
Authentication flaw
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
Design/Logic Flaw
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
Path traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106
Elcomplus SmartICS Web HMI v2.3.4.0 exposes a relative path traversal due to insufficient filename validation. An authenticated administrator can specify arbitrary files, enabling potential exposure of sensitive data. Mitigation: upgrade to SmartICS 2.4 (patch released) and apply network/access c...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2140
CVE-2022-2140 affects Elcomplus SmartICS Web-based HMI (v2.3.4.0). The vulnerability arises because input is not neutralized, enabling an authenticated user to inject arbitrary code into specific parameters. CVSSv3.1 base score in advisories is 8.8 (HIGH) with NETWORK attack vector, LOW complexit...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2088 Elcomplus SmartICS Access Control
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
CVE-2022-2088
CVE-2022-2088 affects Elcomplus SmartICS v2.3.4.0. The root cause is an improper access control vulnerability that allows an authenticated user with admin privileges to terminate any process on the system running SmartICS. This is documented in multiple sources including the CISA ICS advisory (IC...
CVE-2022-2088 Elcomplus SmartICS Access Control
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
Elcomplus LLC SmartICS Path Traversal Vulnerability
Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A path traversal vulnerability exists in Elcomplus LLC SmartICS, which stems from inadequate validation of file names. An attacker could exploit this vulnerability to perform a pa...
Elcomplus LLC SmartICS Access Control Error Vulnerability
Elcomplus LLC SmartICS is a builder for top-level visualization of industrial automation systems from Elcomplus LLC. An access control error vulnerability exists in Elcomplus LLC SmartICS version 2.3.4.0. An authenticated attacker with administrator privileges can exploit this vulnerability to be...
Elcomplus LLC SmartICS Cross-Site Scripting Vulnerability
Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A cross-site scripting vulnerability exists in Elcomplus LLC SmartICS. The vulnerability stems from a failure to neutralize user-controllable input and can be exploited by an...
Elcomplus LLC SmartICS 路径遍历漏洞
Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A path traversal vulnerability exists in Elcomplus LLC SmartICS, which stems from inadequate validation of file names. An attacker could exploit this vulnerability to perform a pa...
PT-2022-3470 · Elcomplus · Elcomplus Smartics
Name of the Vulnerable Software and Affected Versions: Elcomplus SmartICS version 2.3.4.0 Description: The issue is related to inadequate access control in the Elcomplus SmartICS platform, which can be exploited by a remote attacker to terminate any process in the system. An authenticated user wi...
PT-2022-3471 · Elcomplus · Elcomplus Smartics
Name of the Vulnerable Software and Affected Versions: Elcomplus SmartICS version 2.3.4.0 Description: The issue is related to insufficient filename validation, which allows authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. This can be exploite...
Elcomplus SmartICS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus LLC Equipment: SmartICS Vulnerabilities: Improper Access Control, Relative Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
CVE-2021-43938
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization...