Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.4 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-28252)

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. This plugin only works with Tenable.ot. Please visit...

9.8CVSS5.8AI score0.00216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/27 12:0 a.m.10 views

ABB M2M Gateway Heap Overflow in embedded Zlib (CVE-2022-37434)

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

9.8CVSS6.9AI score0.1593EPSS
Exploits1References56
Tenable Nessus
Tenable Nessus
added 2025/05/27 12:0 a.m.43 views

ABB M2M Gateway Out-Of-Bound Read/Write in embedded Linux Kernel (CVE-2023-35001)

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network namespace This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

7.8CVSS6.8AI score0.01508EPSS
Exploits2References14
Tenable Nessus
Tenable Nessus
added 2025/05/27 12:0 a.m.59 views

ABB M2M Gateway Use-After-Free in embedded Linux Kernel (CVE-2023-32233)

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. This plug...

7.8CVSS6.5AI score0.12966EPSS
Exploits7References25
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.6 views

Configuration Change Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.4 views

Controller Code Modification Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.5 views

Controller Code Modification Detected (Critical)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/04/16 12:0 a.m.4 views

Firmware Version Change Detected (High)

Changes in the controller firmware represent a major change in the behavior of the device and usually cause a temporary interruption of operations. An attacker could use firmware changes to add malicious code to the controller, causing it to perform harmful operations which are hard to detect. Th...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/17 12:0 a.m.8 views

Siemens SIMATIC S7-1500 TM MFP Double Free (CVE-2024-41046)

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times. This plugin only works with Tenable.ot. Please...

7.8CVSS6.1AI score0.00299EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.12 views

Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-6564)

Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREECTX request. This plugin only works...

7CVSS6.3AI score0.00599EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.15 views

Siemens SIMATIC Devices Linux Kernel Use After Free (CVE-2022-42703)

mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anonvma double reuse. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

5.5CVSS6.5AI score0.00971EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.20 views

Siemens SIMATIC Devices Linux Kernel Use After Free (CVE-2022-1882)

A use-after-free flaw was found in the Linux kernel's pipes functionality in how a user performs manipulations with the pipe postonenotification after freepipeinfo that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. This plugin on...

7.8CVSS6.4AI score0.00347EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.7 views

Siemens SIMATIC S7-1500 TM MFP BIOS Out-of-bounds Write (CVE-2022-4378)

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. This plugin only works with Tenable.ot. Please visit...

7.8CVSS6.5AI score0.00428EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.11 views

Siemens SCALANCE W700 Double Free (CVE-2022-40304)

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. This plugin only works with Tenable.ot. Please visit...

7.8CVSS6.7AI score0.06782EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.12 views

Siemens SIMATIC and SCALANCE Devices OS Command Injection (CVE-2023-51385)

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

6.5CVSS7.3AI score0.19753EPSS
Exploits8References7
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.8 views

Siemens SIMATIC and SCALANCE Devices Missing Critical Step in Authentication (CVE-2023-51384)

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys. This plugin...

5.5CVSS6.8AI score0.00426EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.19 views

Synology DiskStation Manager Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-8916)

Unverified password change vulnerability in Change Password in Synology DiskStation Manager DSM before 6.2-23739 allows remote authenticated users to reset password without verification. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.8CVSS7.3AI score0.00977EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.21 views

Synology DiskStation Manager OS Command Injection (CVE-2018-13284)

Command injection vulnerability in ftpd in Synology Diskstation Manager DSM before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the 1 MKD or 2 RMD command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

9CVSS8.2AI score0.02308EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.43 views

Synology DiskStation Manager Out-of-bounds Read (CVE-2022-3576)

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band OOB Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager DSM versions before 7.1.1-42962...

7.5CVSS7.2AI score0.00885EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.32 views

Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)

A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

7.5CVSS6.2AI score0.01536EPSS
Exploits0References4
Rows per page
Query Builder