CVE-2018-10605

Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...

CVE-2018-10605

CVE-2018-10605 affects Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4. The vulnerability stems from Incorrect Default Permissions (CWE-276): an attacker can connect to the RTU using default credentials to modify/upload a new system configuration or take full control of the RTU, due to m...

CVE-2018-10605

Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU...

Code injection

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...

CVE-2018-10603

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...

CVE-2018-10607

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...

CVE-2018-10607

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...

CVE-2018-10609

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...

Authentication flaw

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...

CVE-2018-10609

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...

CVE-2018-10603

CVE-2018-10603 affects Martem TELEM-GW6 and GWM devices running firmware 2018.04.18-linux_4-01-601cb47 and prior. The root cause is missing authentication for IEC-104 control commands (CWE-306), enabling a rogue node to remotely control the industrial process. Public documents confirm a high/seve...

CVE-2018-10603

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process...

CVE-2018-10607

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...

CVE-2018-10607

CVE-2018-10607 affects Martem TELEM-GW6 and GWM devices. The vulnerability allows creating new connections to one or more IOAs without properly closing them, causing a denial of service in the industrial process control channel. Affected firmware: 2018.04.18-linux_4-01-601cb47 and prior; remediat...

CVE-2018-10609

CVE-2018-10609 affects Martem TELEM-GW6/GWM devices; vulnerability lies in improper sanitization of data over WebSocket, enabling cross-site scripting and client-side code execution with target user privileges. Affected firmware: GW6/GWM

CVE-2018-10609

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...

Martem TELEM-GW6/GWM Critical Function Missing Authentication Vulnerability

Martem specializes in providing remote control systems for monitoring and controlling distribution networks, and its customers include distribution companies as well as industrial and transportation companies that own their own power grids. A critical function missing authentication vulnerability...

Martem TELEM-GW6/GWM (Update B)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Martem Equipment : TELEM-GW6/GWM --------- Begin Update B Part 1 of 5 -------- Vulnerabilities : Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion,...

CVE-2008-6108

CVE-2008-6108 is a cross-site scripting (XSS) vulnerability in Galatolo WebManager (GWM) 1.0, exploitable via result.php and the key parameter. The issue allows remote attackers to inject arbitrary web script or HTML. It is tracked in multiple feeds (NVD, CVE lists, Prion, etc.). The NVD entry li...

CVE-2008-2699

Galatolo WebManager (GWM) 1.0 is affected by directory traversal vulnerabilities that allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. This is documented in...