274 matches found
Exploit for CVE-2012-1803
CVE-2012-1803 Critical vulnerability in Siemens Rugge...
EUVD-2026-29434
A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...
CVE-2026-41551
ROS# vulnerability CVE-2026-41551 affects all versions
CVE-2026-41551
A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...
Siemens RUGGEDCOM ROS Improper Input Validation (CVE-2025-40935)
Affected devices do not properly validate input during the TLS certificate upload process of the web service. This could allow an authenticated remote attacker to trigger a device crash and reboot, leading to a temporary Denial of Service on the device. This plugin only works with Tenable.ot...
Resource Allocation in Siemens RUGGEDCOM Allocation of Resources Without Limits or Throttling (CVE-2023-39269)
The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over. This plugin only works with Tenable.ot. Please visit...
Network Mirroring in Siemens RUGGEDCOM Incorrect Provision of Specified Functionality (CVE-2023-24845)
The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior. This plugin onl...
Siemens RUGGEDCOM ROS Improper Control of Generation of Code (CVE-2022-34663)
Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device. This plugin only works wit...
Siemens RUGGEDCOM ROS Devices Integer Overflow or Wraparound (CVE-2021-42019)
Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead. This plugin only works with Tenable.ot. Please...
Siemens RUGGEDCOM ROS Devices Improper Neutralization of Input During Web Page Generation (CVE-2021-37208)
Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...
Siemens RUGGEDCOM ROS Devices Observable Timing Discrepancy (CVE-2021-42016)
A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. This plugin only works with Tenable.ot. Please visit...
Siemens RUGGEDCOM ROS Devices Improper Check for Unusual or Exceptional Conditions (CVE-2021-42020)
The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. This plugin only works with Tenable.ot. Please visit...
EUVD-2025-175309
A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used...
Advisory ROSA-SA-2025-3072
Software: libwebp 1.0.0 OS: ROSA Virtualization 3.0 unaffected versions = libwebp-1.0.0.0-10.0.1.rv30 affected versions libwebp-1.0.0.0-10.0.1.rv30 CVE-ID: CVE-2020-36332 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is associated...
Advisory ROSA-SA-2025-3067
Software: bzip2 1.0.6 OS: ROSA Virtualization 3.0 unaffected versions = bzip2-1.0.6-28.rv30 affected versions bzip2-1.0.6-28.rv30 CVE-ID: CVE-2019-12900 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BZ2decompress decompress.c function of the bzip2 data compression utility is related to...
CVE-2025-41109
Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...
CVE-2025-41109 Use of Hard-coded Credentials vulnerability in Ghost Robotics' Vision 60
Ghost Robotics Vision 60 v0.27.2 includes, among its physical interfaces, three RJ45 connectors and a USB Type-C port. The vulnerability is due to the lack of authentication mechanisms when establishing connections through these ports. Specifically, with regard to network connectivity, the robot'...
CVE-2025-41109
CVE-2025-41109 affects Ghost Robotics Vision 60 (v0.27.2). The issue arises from lack of authentication for physical interfaces (three RJ45s and a USB-C port). The device’s internal router automatically assigns IPs to any physically connected equipment, enabling an attacker who controls a rogue W...