Lucene search
K

4050 matches found

ICS
ICS
added 2017/08/22 12:0 a.m.70 views

General Motors and Shanghai OnStar (SOS) iOS Client

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors GM, Shanghai OnStar SOS Equipment: SOS iOS Client Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication REPOSTED INFORMATION This advisory was originall...

8.8CVSS7.7AI score0.01852EPSS
Exploits0References2
Hacker One
Hacker One
added 2017/08/08 11:3 p.m.174 views

Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow

@nahamsec found a test Jenkins instance where they could login with any valid Google account. Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test jenkins instance with no access to source code or resources. Methodology Here is the...

0.7AI score
Exploits0
NVD
NVD
added 2017/08/07 8:29 a.m.19 views

CVE-2017-7920

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access internal information...

7.5CVSS7.5AI score0.02715EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2017/08/07 8:29 a.m.4 views

CVE-2017-9630

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions,...

9.4CVSS5.5AI score0.01186EPSS
Exploits0References2
Prion
Prion
added 2017/08/07 8:29 a.m.17 views

Authentication flaw

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access internal information...

5CVSS7.4AI score0.02715EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2017/08/07 8:0 a.m.44 views

CVE-2017-9630

CVE-2017-9630 is an Improper Authentication vulnerability in PDQ Manufacturing LaserWash/G5, G5 S, M5, 360/360 Plus, AutoXpress/AutoExpress Plus, LaserJet, ProTouch Tandem/Icon/AutoGloss. The web server does not properly verify authentication information, enabling remote access with no user privi...

9.4CVSS9.2AI score0.01186EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/08/07 8:0 a.m.60 views

CVE-2017-7920

The CVE-2017-7920 issue affects ABB VSN300 WiFi Logger Card and VSN300 WiFi Logger Card for React (versions 1.8.15 and prior; 2.1.3 and prior, respectively). The root cause is Improper Authentication: a malicious actor can access internal status and connected-device information by requesting a sp...

7.5CVSS7.4AI score0.02715EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/08/07 8:0 a.m.21 views

CVE-2017-7920

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access internal information...

7.5AI score0.02715EPSS
Exploits0References3
ICS
ICS
added 2017/07/27 12:0 a.m.94 views

PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch

CVSS v3 9.4 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available Vendor: PDQ Manufacturing, Inc. Equipment: LaserWash, Laser Jet and ProTouch Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data AFFECTED PRODUCTS The following version...

9.8CVSS10AI score0.01186EPSS
Exploits0References3
ICS
ICS
added 2017/07/11 12:0 a.m.64 views

ABB VSN300 WiFi Logger Card

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: VSN300 WiFi Logger Card Vulnerabilities: Improper Authentication; Permissions, Privileges, and Access Controls AFFECTED PRODUCTS The following versions of VSN300 WiFi Logger Card, a device for solar...

7.5CVSS7.5AI score0.02715EPSS
Exploits0References3
Prion
Prion
added 2017/07/07 5:29 p.m.13 views

Authentication flaw

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...

6.8CVSS8AI score0.04174EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2017/07/07 5:29 p.m.12 views

CVE-2017-6868

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...

8.1CVSS8.2AI score0.04174EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/07/07 5:0 p.m.21 views

CVE-2017-6868

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process CP of the RNA series module, if network access to Port 102/TCP is available a...

8.1AI score0.04174EPSS
Exploits0References4
ICS
ICS
added 2017/07/06 12:0 a.m.60 views

Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...

10CVSS1.5AI score0.74323EPSS
Exploits7References49
Tenable Nessus
Tenable Nessus
added 2017/07/06 12:0 a.m.47 views

HP SiteScope Multiple Vulnerabilities (HPESBGN03763)

The version of HP SiteScope running on the remote host is 11.2x or 11.3x. It is, therefore, affected by multiple vulnerabilities : - A cryptographic weakness exists in the sspu.jar library due to the use of hard-coded encryption keys. A local attacker can exploit this to disclose potentially...

7.8CVSS7.3AI score0.04934EPSS
Exploits0References8
Prion
Prion
added 2017/07/03 7:29 p.m.12 views

Authentication flaw

An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator URL...

7.5CVSS9.6AI score0.02602EPSS
Exploits0References2
CVE
CVE
added 2017/07/03 7:0 p.m.39 views

CVE-2017-7919

The CVE-2017-7919 issue affects Newport XPS-Cx and XPS-Qx, where an attacker may bypass authentication by accessing a specific URL. This is classified as Improper Authentication with high impact (CVSS v3 base score 9.8) and is remotely exploitable with no user interaction. Affected products inclu...

9.8CVSS9.5AI score0.02602EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2017/06/29 12:0 a.m.66 views

Siemens Viewport for Web Office Portal

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Viewport for Web Office Portal Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following ViewPort for Web Office Portal products: ViewPort...

10CVSS10AI score0.0298EPSS
Exploits0References3
ICS
ICS
added 2017/06/29 12:0 a.m.147 views

Schneider Electric U.motion Builder (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: U.motion Builder --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: SQL Injection, Path Traversal, Improper...

9.8CVSS10AI score0.04606EPSS
Exploits3References5
ICS
ICS
added 2017/06/27 12:0 a.m.32 views

Newport XPS-Cx, XPS-Qx

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Newport Equipment: XPS-Cx, XPS-Qx Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected: XPS-Cx all versions, and XPS-Qx all...

9.8CVSS9.8AI score0.02602EPSS
Exploits0References3
Rows per page
Query Builder