Lucene search
+L

89 matches found

OSV
OSV
added 2016/12/23 5:59 a.m.2 views

CVE-2016-9154

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...

7.5CVSS5.8AI score
Exploits0References3
Prion
Prion
added 2016/12/23 5:59 a.m.16 views

Design/Logic Flaw

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...

5CVSS7.1AI score0.01499EPSS
Exploits0References3Affected Software6
CVE
CVE
added 2016/12/23 5:0 a.m.47 views

CVE-2016-9154

Siemens Desigo PX Web modules (PXA40-W0/W1/W2; PXA30-W0/W1/W2 for PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U) are affected by CVE-2016-9154. The root cause is a pseudo-random number generator with insufficient entropy used to generate HTTPS certificates, enabling a r...

7.5CVSS7.4AI score0.01499EPSS
Exploits0References3Affected Software6
Cvelist
Cvelist
added 2016/12/23 5:0 a.m.22 views

CVE-2016-9154

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...

7.4AI score0.01499EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2016/12/22 12:28 p.m.20 views

Siemens Patches Insufficient Entropy Vulnerability in ICS Systems

German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used in controlling primarily HVAC systems in commercial buildings . On Wednesday, Siemens, in coordination with ICS-CERT, issued...

5CVSS1.6AI score0.01499EPSS
Exploits0References2
CNVD
CNVD
added 2016/12/19 12:0 a.m.6 views

Entropy Insufficiency Vulnerability in Pseudo-Random Number Generation in SIEMENS Desigo PX Web Module

SIEMENS Building Automation Systems Desigo PX programmable automation station offers a flexible solution with the ability to signal alarms, time-based logging programs and trends that can be modified or expanded at any time. An entropy insufficiency vulnerability exists in the pseudo-random numbe...

7.5CVSS7AI score0.01499EPSS
Exploits0References1
ICS
ICS
added 2016/09/23 6:0 a.m.50 views

Siemens Desigo PX Web Module Insufficient Entropy Vulnerability

OVERVIEW Siemens has released a firmware update to mitigate an insufficient entropy vulnerability that affects Siemens Desigo PX Web modules. Marcella Hastings, Joshua Fried, and Nadia Heninger from the University of Pennsylvania coordinated this vulnerability directly with Siemens. This...

7.5CVSS7.8AI score0.01499EPSS
Exploits0References10
seebug.org
seebug.org
added 2014/10/02 12:0 a.m.19 views

CuuMall免费开源商城系统 sql多处注入

简要描述: CuuMall免费开源商城系统 sql多处注入 详细说明: 直接看代码: SearchAction.class.php71-109: public function Exsearch $pinpai = $POST'pinpai'; $pr1 = $POST'pr1'; $pr2 = $POST'pr2'; $keyword = $POST'keyword'; if $pinpai == 0 $pinpai = ""; if $pinpai != "" $sql1 = "pinpai=".$pinpai." and "; else $sql1 = ""; if $pr1 !=...

7.1AI score
Exploits0
NVD
NVD
added 2014/07/14 9:55 p.m.25 views

CVE-2014-2955

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...

10CVSS8AI score0.02774EPSS
Exploits0References2
Prion
Prion
added 2014/07/14 9:55 p.m.20 views

Authentication flaw

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...

10CVSS8.5AI score0.02774EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/07/14 9:0 p.m.29 views

CVE-2014-2955

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...

8AI score0.02774EPSS
Exploits0References2
CVE
CVE
added 2014/07/14 9:0 p.m.64 views

CVE-2014-2955

CVE-2014-2955 affects Raritan PX power distribution software (DPXR20A-16) prior to version 1.5.11. The vulnerability arises in cipher suite 0 (cipher zero) used during IPMI authentication, allowing remote attackers to bypass authentication and execute arbitrary IPMI commands. Impact is remote una...

10CVSS8.2AI score0.02774EPSS
Exploits0References2Affected Software2
CERT
CERT
added 2014/07/10 12:0 a.m.38 views

Raritian PX power distribution software is vulnerable to the cipher zero attack.

Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password. Description CWE-287: Improper...

10CVSS7.7AI score0.02774EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2014/07/03 12:0 a.m.154 views

Raritan PX IPMI Disclosure

Vulnerability: Raritan PX power distribution software contains several well known IPMI vulnerabilities, e.g. - ipmi zero cipher - ipmi dump hash passwords Details: E.g. Model DPXR20A-16: Software release all before and including 01.05.08 recent version from october 2013 ipmitool -I lanplus -C 0 -...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion Vulnerability

No description provided by source. Easy Px 41 CMS v09.00.00B1 fiche Local File Include Exploit D.Script: http://www.easy-script.com/scripts-dl/EPX41v9.zip Discovered by: ThE g0bL!N Greetz To: ALL My Friend dz Exploit: /path/?view=LivreDor&fiche=../../../../../../../../etc/passwd%00 Demo...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/11/27 12:0 a.m.98 views

IPMI Cipher Suite 0 (Cipher Zero) Authentication Bypass Vulnerability (IPMI Protocol)

Intelligent Platform Management Interface IPMI services are prone to an authentication bypass vulnerability through the use of cipher suite 0 aka cipher zero. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

6.8AI score
Exploits0References6
NVD
NVD
added 2009/06/01 7:30 p.m.16 views

CVE-2009-1847

Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the fiche parameter...

7.5CVSS7.1AI score0.02347EPSS
Exploits1References3
Prion
Prion
added 2009/06/01 7:30 p.m.13 views

Directory traversal

Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the fiche parameter...

7.5CVSS7.6AI score0.02347EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2009/06/01 7:0 p.m.19 views

CVE-2009-1847

Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the fiche parameter...

7.1AI score0.02347EPSS
Exploits1References3
CVE
CVE
added 2009/06/01 7:0 p.m.39 views

CVE-2009-1847

CVE-2009-1847 affects Easy PX 41 CMS 9.0 B1, with a vulnerability in index.php that allows directory traversal via the fiche parameter, enabling remote inclusion/execution of local files. The provided documents do not specify affected subversions beyond the product/version, nor a patch or workaro...

7.5CVSS7.3AI score0.02347EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder