29 matches found
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
Cross site scripting
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
CVE-2022-40190
SAUTER moduWeb firmware version 2.7.1 is affected by a reflective cross-site scripting (XSS) vulnerability due to insufficient sanitization of request strings. This can allow an attacker to execute malicious JavaScript in a user’s browser and potentially steal credentials or other sensitive data....
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
CVE-2022-40190
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting XSS. The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...
PT-2022-25271 · Sauter Controls · Sauter Controls Moduweb
Name of the Vulnerable Software and Affected Versions: SAUTER Controls moduWeb firmware version 2.7.1 Description: The web application does not adequately sanitize request strings of malicious JavaScript, allowing an attacker to execute malicious code in users' browsers and steal sensitive...
SAUTER Controls moduWeb
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: moduWeb Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to trick users into clicking on malicious...
Sauter moduWeb Vision Vulnerabilities
OVERVIEW Martin Jartelius and John Stock of Outpost24 have identified three vulnerabilities in Sauter’s moduWeb Vision application. Sauter has produced a new firmware version to mitigate these vulnerabilities. The researchers have tested the new firmware version to validate that it resolves the...
The vulnerability of the web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to obtain confidential information.
The vulnerability of the BACnet/IP network controller visualization web server, SAUTER moduWeb Vision, is related to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to obtain confidential information by listening to network traffic...
The vulnerability of the web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to bypass the authentication process.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures by utilizing knowledge of password hashes without knowi...
The vulnerability of the Web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to inject arbitrary Web or HTML code.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially craft...
Sauter moduWeb Vision Security Bypass Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter modoWeb Vision transmits data in plaintext. A remote attacker could use this vulnerability to obtain credentials and bypass authentication...
Sauter moduWeb Vision Certificate Insecure Storage Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter modoWeb Vision uses an insecure method of storing credentials, allowing remote attackers to bypass authentication by exploiting this vulnerability...
Sauter moduWeb Vision Web Server Cross-Site Scripting Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. A cross-site scripting vulnerability exists in the web server of Sauter modoWeb Vision, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to...
CVE-2015-7916
Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
Cross site scripting
Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...