18 matches found
Sauter moduWeb Vision Vulnerabilities
OVERVIEW: Martin Jartelius and John Stock of Outpost24 have identified three vulnerabilities in Sauter’s moduWeb Vision application. Sauter has produced a new firmware version to mitigate these vulnerabilities. The researchers have tested the new firmware version to validate that it resolves the...
Sauter moduWeb Vision Certificate Insecure Storage Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter moduWeb Vision uses an insecure method of storing credentials, allowing remote attackers to bypass authentication by exploiting this vulnerability...
Sauter moduWeb Vision Security Bypass Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. Sauter moduWeb Vision transmits data in plaintext. A remote attacker could use this vulnerability to obtain credentials and bypass authentication...
Sauter moduWeb Vision Web Server Cross-Site Scripting Vulnerability
Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. A cross-site scripting vulnerability exists in the web server of Sauter moduWeb Vision, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to...
CVE-2015-7916
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7916
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
Design/Logic Flaw
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2015-7915
CVE-2015-7915 affects Sauter moduWeb Vision (EY-WS505F0x0) prior to firmware 1.6.0. The vulnerability involves cleartext transmission of credentials, enabling remote attackers to obtain sensitive information by sniffing network traffic. The ICSA/CISA advisory notes remote exploitation potential a...
CVE-2015-7916
The CVE-2015-7916 vulnerability affects Sauter moduWeb Vision (EY-WS505F0x0) prior to firmware 1.6.0, enabling remote exploitation of a cross-site scripting (XSS) flaw in the web interface. ICSA-16-033-01 notes remote exploitability and that public exploits are not known for this CVE, with Sauter...
CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password...
CVE-2015-7914
The CVE-2015-7914 vulnerability affects Sauter moduWeb Vision (EY-WS505F0x0) before firmware version 1.6.0. It allows remote attackers to bypass authentication by abusing knowledge of a password hash without the actual password, enabling unauthorized access. The issue stems from insecure credenti...
CVE-2015-7916
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query...
CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network...