14 matches found
EUVD-2016-5509
Malware in sbrugna...
Rockwell Automation FactoryTalk EnergyMetrix Elevation of Privilege Vulnerability
Rockwell Automation FactoryTalk EnergyMetrix is a Web-based software management package for capturing, analyzing, storing and sharing energy data from Rockwell Automation. A security vulnerability exists in Rockwell Automation FactoryTalk EnergyMetrix versions prior to 2.20.00, which can be...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2016-4522
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-4522
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Design/Logic Flaw
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
Sql injection
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-4522
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
EUVD-2016-5518
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon logout, enabling potential reuse of active sessions by an unattended workstation (CWE-613). Affected product: FactoryTalk EnergyMetrix web application; root cause: insufficient session expiration. CVS...
CVE-2016-4522
Rockwell Automation FactoryTalk EnergyMetrix (web-based energy data management) is affected by a SQL Injection vulnerability (CVE-2016-4522) in versions prior to 2.20.00. An unauthenticated, remote attacker could execute arbitrary SQL commands via unspecified vectors. Mitigation: upgrade to Energ...
Rockwell Automation FactoryTalk EnergyMetrix SQL Injection Vulnerability
Rockwell Automation FactoryTalk EnergyMetrix is a Web-based software management package for capturing, analyzing, storing and sharing energy data from Rockwell Automation. A SQL injection vulnerability exists in Rockwell Automation FactoryTalk EnergyMetrix versions prior to 2.20.00. A remote...