3851 matches found
CVE-2023-46387
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration...
CVE-2023-46384
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose the admin password and bypass authentication to log in to the Loytec device...
CVE-2023-46389
LOYTEC LINX-212 and LINX-151 devices (all versions) are affected by CVE-2023-46389 due to Incorrect Access Control via the registry.xml file, enabling remote disclosure of sensitive configuration data. The ICS advisory lists affected products (LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580...
CVE-2023-46388
LOYTEC LINX-212 and LINX-151 devices (all versions) are affected by CVE-2023-46388 due to Insecure Permissions via dpal_config.zml, enabling remote disclosure of SMTP client credentials and bypass of email authentication. The issue is tracked across multiple sources (including Red Hat and CISA IC...
CVE-2023-46386
LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via the registry.xml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication...
Delta Electronics InfraSuite Device Master RunScript Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RunScript method. The issue results from an exposed...
CVE-2023-46387
LOYTEC LINX-212 (firmware 6.2.4) and LINX-151 (firmware 7.2.4) are affected by CVE-2023-46387 due to Improper Access Control via the dpal_config.zml file. The Red Hat/CISA ICS and related sources describe an exploit scenario where this file’s accessibility enables remote disclosure of sensitive d...
CVE-2023-46383
The CVE-2023-46383 entry concerns LOYTEC LINX Configurator (all versions). The underlying issue is HTTP Basic Authentication transmitting credentials in base64-encoded cleartext, enabling remote attackers to steal admin passwords and gain full control of Loytec device configuration. Affected prod...
CVE-2023-46384
CVE-2023-46384 affects LOYTEC electronics LINX Configurator (v7.4.10; and LINX-related components) with insecure permissions that allow cleartext credential storage, enabling remote disclosure of the admin password and bypass of authentication to log in to Loytec devices. Technical details from c...
Delta Electronics InfraSuite Device Master Security Vulnerability
Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master v.1.0.7 and prior versions that originated from a...
Delta Electronics InfraSuite Device Master Security Vulnerability
Delta Electronics InfraSuite Device Master is a device for simplifying and automating critical device monitoring from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics InfraSuite Device Master version v.1.0.7, which originated from a vulnerability that could...
CVE-2023-46385
CVE-2023-46385 affects LOYTEC electronics LINX Configurator (all versions). The vulnerability is caused by insecure permissions: an admin credential is passed as a value in URL parameters without encryption, enabling remote attackers to steal the password and gain full control of Loytec device co...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on November 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-331-01 Delta Electronics InfraSuite Device Master; ICSA-23-331-02 Franklin Electric...
Delta Electronics InfraSuite Device Master
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Delta Electronics. Equipment: InfraSuite Device Master. Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function. 2. RISK EVALUATION...
PT-2023-7641 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an attacker to write to any file in any location of the filesystem, potentially leading to...
PT-2023-7439 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtai...
TOTOLINK A3700R Code Execution Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A code execution vulnerability exists in the TOTOLINK A3700R v9.1.2u.6134B20201202 version, which can be exploited by an attacker to execute arbitrary code on the system...
The vulnerability of the web server of Delta Electronics’ DX-3021L9 microprogrammed router software arises from insufficient validation of input data. This allows attackers to add, modify, or delete data.
The vulnerability of the web server of the microprogrammed routing software from Delta Electronics DX-3021L9 exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to add, modify, or delete data...
kernel: drm: bridge: adv7511: unregister cec i2c device after cec adapter
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: adv7511: unregister cec i2c device after cec adapter. cec_unregister_adapter assumes that the underlying adapter ops are callable. For example, if the CEC adapter currently has a valid physical address, then the...
Delta Electronics DIAScreen XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...