47 matches found
CVE-2026-42518 Information Disclosure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...
CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...
CVE-2026-42516 Broken Access Control Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...
CVE-2026-42515 Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating a parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...
CVE-2026-42515
CVE-2026-42515 is an IDOR vulnerability in the e-Sushrut HMIS. Improper access control in resource access validation allows an authenticated attacker to manipulate a URL parameter in the API request to gain unauthorized access to patients’ sensitive information. The CVSS 4.0 base score is 7.1 (HI...
CVE-2026-42514 Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...
CVE-2026-42514
CVE-2026-42514 affects e-Sushrut HMIS. The issue is exposure of OTPs in plaintext within API responses, enabling a remote attacker to intercept responses containing valid OTPs. If exploited, an attacker could impersonate a target user and gain unauthorized access to user accounts. Metrics indicat...
CVE-2026-42513 Authentication Bypass Vulnerability in e-Sushrut HMIS
This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...
CVE-2026-42513
CVE-2026-42513 affects e-Sushrut HMIS. The vulnerability stems from improper authentication logic that relies on client-side response parameters to determine login status, enabling a remote attacker to intercept and modify server responses to bypass authentication and gain unauthorized access to ...
EUVD-2020-4826
Malware in sbrugna...
CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector
Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces HM...
Unitronics VisiLogic < 9.9.00 Default Password
The version of Unitronics VisiLogic installed on the remote host is prior to 9.9.00. It is, therefore, affected by a vulnerability. - Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with networ...
CVE-2023-6448
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system...
Default credentials
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system...
CVE-2023-6448 Unitronics VisiLogic uses a default administrative password
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system...
CVE-2023-6448
Unitronics VisiLogic before version 9.9.00 (Vision and Samba PLCs/HMIs) is affected by CVE-2023-6448 due to an insecure default administrative password. An unauthenticated, network-accessible attacker can gain full administrative control of a vulnerable system. Mitigation includes upgrading to Vi...
Weak Encryption Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...