93 matches found
Code injection
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the loginfromcookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser...
CVE-2020-12495
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. T...
CVE-2020-12496
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 and Memograph M Neutral/Private Label RSG45, ORSG45 with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to t...
CVE-2020-12495
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. T...
CVE-2020-12496
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 and Memograph M Neutral/Private Label RSG45, ORSG45 with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to t...
Code injection
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 and Memograph M Neutral/Private Label RSG45, ORSG45 with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to t...
CVE-2020-12496 ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x exposures sensitive information to an unauthorized actor
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 and Memograph M Neutral/Private Label RSG45, ORSG45 with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to t...
CVE-2020-12496
The CVE-2020-12496 entry concerns Endress+Hauser Ecograph T and Memograph M devices (Firmware v2.0.0 and above). A server-side access-control matrix misconfiguration allows a low-privilege user to access endpoints that should be restricted, leading to exposure of sensitive information. The firmwa...
CVE-2020-12495
The CVE-2020-12495 entry concerns Endress+Hauser Ecograph T (Neutral/Private Label) devices (RSG35, ORSG35) with firmware
CVE-2020-12495 ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 1.x has improper privilege management
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. T...
Endress+hauser Ecograph Information Disclosure Vulnerability
The Endress+hauser Ecograph is a data logger from Endress+Hauser Switzerland. It is used to record and visualize all process sequences safely and completely. An information disclosure vulnerability exists in Endress+hauser Ecograph T version V2.0.0 and later versions, which stems from the easy...
Endress+Hauser RSG35 and Endress+Hauser ORSG35 Access Control Error Vulnerabilities
Endress+Hauser Endress+Hauser ORSG35 is a graphical data manager from Endress+Hauser Switzerland for process monitoring in industrial production. Endress+Hauser ORSG35 is a graphical data manager from Endress+Hauser, Switzerland, for process monitoring and control in industrial processes. An acce...
hauser-kaibling.at Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1198052 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
WordPress Tickera plugin <= 3.4.6.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Florian Hauser in WordPress Tickera plugin versions = 3.4.6.7. Solution Update the WordPress Tickera plugin to the latest available version at least 3.4.6.9...
Endress and Hauser Proline Promass Coriolis Flowmeter
Binary data 199.prm...
CVE-2018-16059
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter...
CVE-2018-16059
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter...
Directory traversal
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter...
CVE-2018-16059
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter...
CVE-2018-16059
CVE-2018-16059 affects Endress+Hauser WirelessHART Fieldgate SWG70 devices (3.x/3.0). It is a Local File Inclusion/Directory Traversal vulnerability via the fcgi-bin/wgsetcgi filename parameter, enabling reading of sensitive files and potentially unauthorized access. Affected firmware paths per I...