Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.6AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 11:16 a.m.15 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:17 a.m.30 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS0.00114EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:17 a.m.9 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:17 a.m.22 views

CVE-2026-25599

CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45397

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.10 views

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

6.8CVSS8.2AI score0.00731EPSS
Exploits1References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2025/05/13 5:30 a.m.13 views

New cybersecurity rules for smart heat pump manufacturers

TL;DR Smart heat pumps face new UK cybersecurity rules Must meet ETSI EN 303 645 under the Smart Secure Electricity Systems programme Applies to most domestic heat devices up to 45 kW Compliance deadline expected to be late 2026 / early 2027 Aims to protect consumers, data, and the national grid...

6.8AI score
Exploits0
OSV
OSV
added 2024/01/30 10:15 a.m.6 views

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

6.8CVSS6.1AI score0.00731EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/01/30 12:0 a.m.8 views

The vulnerability of the microprogramming software of Alpha Innotec and Novelan heat pumps allows a hacker to gain full access to the device.

The vulnerability of Alpha Innotec and Novelan thermal pump microprogramming systems is related to the use of pre-set configuration data in the wp2reg-V3.88.0-9015 file. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the device by using...

10CVSS6.7AI score0.00731EPSS
Exploits1References3
Rows per page
Query Builder