81 matches found
EUVD-2021-8404
Malicious code in bioql PyPI...
EUVD-2021-8403
Malicious code in bioql PyPI...
Weidmueller Interface多款产品 安全漏洞
Weidmueller Interface E-SW-VL08MT-8TX and others are products of Weidmueller Interface, Germany.Weidmueller Interface E-SW-VL08MT-8TX is a managed network switch.Weidmueller Interface IE-SW-PL10M-3GT-7TX is an Ethernet switch.Weidmueller Interface IE-SW-PL10MT-3GT-7TX is a managed network switch....
Cisco Small Business Series Switches Stacked Reload ACL Bypass (cisco-sa-sb-bus-acl-bypass-5zn9hNJk)
A vulnerability with the access control list ACL management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
Schneider Electric Modicon PLCs Insufficiently Protected Credentials (CVE-2017-6028)
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...
Dell Networking X-Series Input Validation Error Vulnerability
Dell Networking X-Series is a series of intelligent managed switches from Dell, U.S.A. The Dell Networking X-Series is vulnerable to an input validation error that could be exploited by a remote, unauthenticated attacker to trigger a denial of service by sending specially crafted data...
CVE-2021-20997
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users...
CVE-2021-20998
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...
Code injection
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management...
Authorization
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...
Code injection
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties...
CVE-2021-20998
CVE-2021-20998 affects WAGO 750-88x series managed switches/PLCs. The vulnerability enables unauthorized creation of user accounts via specially crafted packets, indicating an unauthenticated access path that can impact confidentiality, integrity, and availability. Public references describe the ...
CVE-2021-20997 WAGO: Managed Switches: Unauthorized access to password hashes
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users...
CVE-2021-20998 WAGO: Managed Switches: Unauthorized creation of user accounts
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...
CVE-2021-20995
CVE-2021-20995 affects multiple WAGO managed switches across versions, where the web UI’s server cookies expose user credentials. The issue stems from the web server handling cookies insecurely, enabling exposure of authentication data. Documented impact relates to confidentiality (credentials di...
CVE-2021-20994 WAGO: Managed Switches: Reflected Cross-site Scripting
In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management...
CVE-2021-20996
The CVE-2021-20996 entry concerns WAGO managed switches. Affected product: multiple WAGO managed switches across different versions. Vulnerability: specially crafted requests can cause cookies to be transferred to third parties, exposing session-related data. Root cause details are limited in the...
CVE-2021-20996 WAGO: Managed Switches: Unsecure Cookie settings
In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties...
CVE-2021-20995 WAGO: Managed Switches: Storage of user credentials in a cookie
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials...
CVE-2021-20994
CVE-2021-20994 concerns a cross-site scripting vulnerability in WAGO 750-88x series managed switches. The root cause is insufficient validation of client-side data in the WEB application, allowing an attacker to trick a legitimate user into clicking a link that injects malicious code into the web...