Lucene search

16 matches found

EUVD
added 2025/10/03 8:7 p.m. | 15 views

EUVD-2023-23525

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.00678
Exploits: 0 | References: 1

BDU FSTEC
added 2023/04/20 12:0 a.m. | 6 views

The vulnerability of the AVEVA Plant SCADA system and the AVEVA Telemetry Server, caused by deficiencies in authentication procedures, allows an intruder to trigger a service failure.

The vulnerabilities of the AVEVA Plant SCADA system and the AVEVA Telemetry Server are due to deficiencies in the authentication process. Exploiting these vulnerabilities allows a malicious actor, who may act remotely without having undergone identity verification, to cause service failures...

CVSS 10 | AI score 7.8 | EPSS 0.00678
Exploits: 0 | References: 4

BDU FSTEC
added 2023/04/03 12:0 a.m. | 6 views

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to errors in processing the relative path to the catalog, allows a hacker to gain read access to files located outside the protected web server.

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere lies in errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to files located outside the protected web...

CVSS 7.8 | AI score 7.2 | EPSS 0.45957
Exploits: 5 | References: 5 | Affected Software: 2

NVD
added 2023/03/16 7:15 p.m. | 33 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1

OSV
added 2023/03/16 7:15 p.m. | 6 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 7.3 | EPSS 0.00678
Exploits: 0 | References: 1

Vulnrichment
added 2023/03/16 6:33 p.m. | 6 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 7.1 | EPSS 0.00678
Exploits: 0 | References: 1

CVE
added 2023/03/16 6:33 p.m. | 67 views

CVE-2023-1256

CVE-2023-1256 affects AVEVA Plant SCADA and AVEVA Telemetry Server with an improper authorization (CWE-285) vulnerability. An unauthenticated remote attacker could read data, cause DoS, and tamper with alarm states. Affected products/versions include AVEVA Plant SCADA (2023, 2020R2 Update 10 and ...

CVSS 9.8 | AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2023/03/16 6:33 p.m. | 29 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1

CNNVD
added 2023/03/15 12:0 a.m. | 38 views

AVEVA Plant SCADA Access Anywhere Authorization Issue Vulnerability

AVEVA Plant SCADA Access Anywhere is a reliable, flexible and high-performance Supervisory Control and Data Acquisition SCADA software solution for industrial process customers from AVEVA. The true value and power of Plant SCADA can be accessed in any compatible web browser. An authorization issu...

CVSS 9.8 | AI score 8.4 | EPSS 0.00678
Exploits: 0 | References: 3

ICS
added 2022/12/08 12:0 a.m. | 145 views

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...

CVSS 9.8 | AI score 9.6 | EPSS 0.99019
Exploits: 13 | References: 5

NVD
added 2022/05/23 8:16 p.m. | 34 views

CVE-2022-1467

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...

CVSS 9.9 | EPSS 0.00873
Exploits: 0 | References: 2

Prion
added 2022/05/23 8:16 p.m. | 18 views

Command injection

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...

CVSS 8.5 | AI score 9.4 | EPSS 0.00873
Exploits: 0 | References: 2

Cvelist
added 2022/05/23 7:17 p.m. | 29 views

CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate...

CVSS 7.4 | AI score 9.7 | EPSS 0.00873
Exploits: 0 | References: 2

CVE
added 2022/05/23 7:17 p.m. | 115 views

CVE-2022-1467

CVE-2022-1467 affects AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere (all versions). The root cause is a Windows language bar overlay that can be manipulated to launch an OS command prompt from within the browser, creating a context-escape from the hosted application to the O...

CVSS 9.9 | AI score 8.7 | EPSS 0.00873
Exploits: 0 | References: 2 | Affected Software: 2

BDU FSTEC
added 2022/05/13 12:0 a.m. | 5 views

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to the disclosure of information in the error data area, allows an intruder to execute arbitrary OS commands.

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere relates to the disclosure of information in the error area of data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary OS commands remotely...

CVSS 7.4 | AI score 8.1 | EPSS 0.00873
Exploits: 0 | References: 5

ICS
added 2022/05/10 12:0 a.m. | 67 views

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability...

CVSS 9.9 | AI score 9 | EPSS 0.00873
Exploits: 0 | References: 5