CVE-2026-27476

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

CVE-2026-27476 RustFly 2.0.0 Command Injection via UDP Remote Control

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

CVE-2026-27476

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

PT-2026-20937

Name of the Vulnerable Software and Affected Versions RustFly version 2.0.0 Description RustFly 2.0.0 contains a command injection issue in its remote UI control mechanism. The software accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted...

CVE-2025-12599

Multiple Devices are Sharing the Same Secrets for SDKSocket TCP/5000.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

PT-2025-44726

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description Multiple devices are sharing the same secrets for SDKSocket, which uses TCP port 5000. This could allow unauthorized access or compromise of devices utilizing this...

CVE-2020-17475

Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000...

CVE-2020-10924

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVE-2020-10923

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A...

Siemens SPPA-T3000 Heap Buffer Overflow Vulnerability (CNVD-2019-44775)

The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. A heap buffer overflow vulnerability exists in the Siemens SPPA-T3000. This allows an attacker with network access to the MS3000 server to cause a denial of service conditio...

CVE-2019-6139

Forcepoint User ID FUID server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on...

Microprogramming software for Siemens SIPROTEC 4 relay protection microprocessors

The vulnerability of the software of the Siemens SIPROTEC 4 relay protection micro-processor terminal allows a remote attacker to cause a malfunction of the micro-processor terminal by sending a specially crafted UDP packet to port 50000. This causes the micro-processor terminal to cease...

Hospira Communication Engine Stack Buffer Overflow Vulnerability

The Hospira LifeCare PCA Infusion System, Plum A+ Infusion System, and Plum A+3 Infusion System are all intelligent infusion systems from Hospira, U.S.A. The Hospira Communication Engine CE is one of the Ethernet port components used to communicate with external systems. The Hospira Communication...

Siemens SIPROTEC 4 Denial of Service Vulnerability

SIPROTEC 4 and SIPROTEC devices offer a wide range of integrated protection, control, measurement and power substation automation functions; EN100 modules are used to implement IEC 61850 communication. SIPROTEC 4 has been disclosed to have a denial of service vulnerability, which can be exploited...

PT-2015-1513

Name of the Vulnerable Software and Affected Versions Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01 Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00 Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03...

go2call dialer DoS

Program crashes on malformed data to UDP/5000...