CVE-2023-45796

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

EUVD-2023-60594

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

CVE-2023-45795

The provided CVE describes a cross-site scripting (XSS) vulnerability in the Builder Component of Pilz PASvisu before version 1.14.1. The issue allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device. Concrete exploitation details are not provi...

CVE-2023-45795 Pilz: XSS vulnerability in Pilz PASvisu and PMI v8xx

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

CVE-2023-45796 XSS vulnerability in Pilz PASvisu and PMI v8xx

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...

EUVD-2023-60593

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...

CVE-2023-45796

The CVE-2023-45796 applies to Pilz PASvisu Runtime (before 1.14.1) and PMI v8xx (up to 2.0.33992). It is a stored XSS that allows a low-privileged, remote, unauthenticated attacker to manipulate process data, affecting integrity and availability. CVSSv3.1: 8.1 (HIGH); AV:N, AC:L, PR:L, UI:N, S:U,...

CVE-2020-12067

In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, a user's password may be changed by an attacker without knowledge of the current password...

EUVD-2020-4383

Malware in sbrugna...

EUVD-2018-10727

Malware in sbrugna...

EUVD-2019-18398

Malware in sbrugna...

EUVD-2022-44222

Malicious code in bioql PyPI...

EUVD-2022-44223

Malicious code in bioql PyPI...

The vulnerability of the Node-RED visual programming tool’s server on the Pilz IndustrialPI operating system allows a perpetrator to execute arbitrary commands.

The vulnerability of the Node-RED visual programming tool on the Pilz IndustrialPI industrial computer server is related to the absence of default authentication settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-41656 Pilz: Missing Authentication in Node-RED integration

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the NodeRED server is not configured by default...

CVE-2025-41656 Pilz: Missing Authentication in Node-RED integration

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the NodeRED server is not configured by default...

CVE-2025-41656

CVE-2025-41656 concerns the Pilz IndustrialPI Node-RED integration, where the authentication for the Node-RED server is not configured by default. This allows an unauthenticated remote attacker to execute arbitrary commands with high privileges on affected devices. The CVSS 3.1 base score is 10.0...

Pilz IndustrialPI 访问控制错误漏洞

Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. An access control error vulnerability exists in Pilz IndustrialPI that stems from the default unconfigured NodeRED server authentication leading to command execution...