21 matches found
Sauter moduWeb Vision Vulnerabilities
OVERVIEW Martin Jartelius and John Stock of Outpost24 have identified three vulnerabilities in Sauter’s moduWeb Vision application. Sauter has produced a new firmware version to mitigate these vulnerabilities. The researchers have tested the new firmware version to validate that it resolves the...
The vulnerability of the Web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to inject arbitrary Web or HTML code.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially craft...
The vulnerability of the web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to obtain confidential information.
The vulnerability of the BACnet/IP network controller visualization web server, SAUTER moduWeb Vision, is related to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to obtain confidential information by listening to network traffic...
The vulnerability of the web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to bypass the authentication process.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures by utilizing knowledge of password hashes without knowi...
Sauter moduWeb Vision Certificate Insecure Storage Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter modoWeb Vision uses an insecure method of storing credentials, allowing remote attackers to bypass authentication by exploiting this vulnerability...
Sauter moduWeb Vision Security Bypass Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter modoWeb Vision transmits data in plaintext. A remote attacker could use this vulnerability to obtain credentials and bypass authentication...
Sauter moduWeb Vision Web Server Cross-Site Scripting Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. A cross-site scripting vulnerability exists in the web server of Sauter modoWeb Vision, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to...
CVE-2015-7916
Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
Cross site scripting
Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
Design/Logic Flaw
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7916
Cross-site scripting XSS vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
CVE-2015-7916
The CVE-2015-7916 vulnerability affects Sauter moduWeb Vision (EY-WS505F0x0) prior to firmware 1.6.0, enabling remote exploitation of a cross-site scripting (XSS) flaw in the web interface. ICSA-16-033-01 notes remote exploitability and that public exploits are not known for this CVE, with Sauter...
CVE-2015-7915
CVE-2015-7915 affects Sauter moduWeb Vision (EY-WS505F0x0) prior to firmware 1.6.0. The vulnerability involves cleartext transmission of credentials, enabling remote attackers to obtain sensitive information by sniffing network traffic. The ICSA/CISA advisory notes remote exploitation potential a...
CVE-2015-7914
The CVE-2015-7914 vulnerability affects Sauter moduWeb Vision (EY-WS505F0x0) before firmware version 1.6.0. It allows remote attackers to bypass authentication by abusing knowledge of a password hash without the actual password, enabling unauthorized access. The issue stems from insecure credenti...