24 matches found
EUVD-2017-1349
Malware in sbrugna...
EUVD-2018-19542
Malware in sbrugna...
EUVD-2018-19516
Malware in sbrugna...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7809)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7811)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2018-7812)
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
GoAhead 2.5.0 - Host Header Injection Vulnerability
Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers. Vendor Fix: N/A CVE : N/A CVSS...
Information disclosure
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
Input validation
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...
CVE-2018-7812
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...
CVE-2018-7812
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether...
CVE-2018-7833
CVE-2018-7833 affects the embedded web servers in Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200. A vulnerability described as an improper check for unusual or exceptional conditions allows an unauthenticated remote attacker to send specially crafted XML data via a POST req...
Default credentials
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server...
Crlf injection
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for 1 minute by sending a specially crafted HTTP request...
Default credentials
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server...
CVE-2018-7830
Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for 1 minute by sending a specially crafted HTTP request...
CVE-2018-7831
An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a...
CVE-2018-7811
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server...
CVE-2018-7830
The CVE-2018-7830 entry applies to Schneider Electric Modicon embedded web servers (M340, Premium, Quantum PLCs and BMXNOR0200). It is a HTTP Response Splitting issue caused by improper neutralization of CRLF sequences in HTTP headers, leading to a denial of service for about one minute when a sp...