Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

5.4CVSS5.8AI score0.00104EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-9196

Malware in sbrugna...

9.8CVSS9.5AI score0.03521EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.19 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.5AI score0.02239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.27 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.5AI score0.02239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.29 views

Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

9.8CVSS8.8AI score0.03521EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.35 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.5AI score0.02239EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/10/05 12:0 a.m.7 views

The vulnerability of Liebert SiteScan, a web-based system for controlling critical equipment, stems from an improper limitation on XML links to external objects. This allows a violator to access confidential information.

The vulnerability of the Liebert SiteScan web-based critical equipment monitoring system lies in improper restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information by using specially crafted XML requests...

5CVSS7.8AI score0.03521EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2017/08/31 9:29 p.m.4 views

CVE-2016-5795

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.3CVSS6AI score0.02239EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/08/31 9:0 p.m.24 views

CVE-2016-5795

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.4AI score0.02239EPSS
Exploits0References2
OSV
OSV
added 2017/02/13 9:59 p.m.1 views

CVE-2016-8348

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

9.8CVSS6AI score
Exploits0References2
NVD
NVD
added 2017/02/13 9:59 p.m.14 views

CVE-2016-8348

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

9.8CVSS9.7AI score0.03521EPSS
Exploits0References2
CVE
CVE
added 2017/02/13 9:0 p.m.67 views

CVE-2016-8348

CVE-2016-8348 describes an XML External Entity (XXE) vulnerability in Emerson Liebert SiteScan Web (Version 6.5 and earlier). The issue arises from a weakly configured XML parser, allowing an attacker to send malicious XML input that could cause arbitrary code execution or disclosure of server/ne...

9.8CVSS9.6AI score0.03521EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/02/13 9:0 p.m.18 views

CVE-2016-8348

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

9.7AI score0.03521EPSS
Exploits0References2
ICS
ICS
added 2016/09/02 6:0 a.m.35 views

Emerson Liebert SiteScan XML External Entity Vulnerability

OVERVIEW Researcher Evgeny Ermakov from Kaspersky Lab has identified an XML External Entity XXE vulnerability affecting Emerson’s Liebert SiteScan application. Emerson has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

9.8CVSS10AI score0.03521EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2013/10/03 12:0 a.m.6 views

PT-2016-35: XML External Entity Injection in Liebert SiteScan

The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in Liebert SiteScan. Vulnerability in Liebert SiteScan allows attackers to obtain sensitive information via a specially crafted XML request. How to fix Update your software up to the lates...

9.8CVSS9.4AI score0.03521EPSS
Exploits0References4
Rows per page
Query Builder