Lucene search
K

337 matches found

Prion
Prion
added 2022/07/28 4:15 p.m.15 views

Hardcoded credentials

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

4.6CVSS8.1AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/28 3:41 p.m.35 views

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

6.1AI score0.00272EPSS
Exploits0References2
CVE
CVE
added 2022/07/28 3:41 p.m.75 views

CVE-2022-30314

CVE-2022-30314 affects Honeywell Experion PKS Safety Manager 5.02. The vulnerability arises from hard-coded credentials used to access the POLO bootloader, which is exposed via the DCOM-232/485 serial interface used for firmware management. An attacker with physical or gateway-access to the seria...

4.6CVSS5.7AI score0.00272EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/28 3:41 p.m.26 views

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

8.3AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2022/07/01 12:15 a.m.2 views

CVE-2022-32295

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component...

9.8CVSS5.8AI score0.0122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.4 views

PT-2022-3178 · Honeywell +1 · Honeywell Experion Pks Safety Manager +1

Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS Safety Manager version 5.02 Description: The issue is related to the use of hard-coded credentials in the Honeywell Experion PKS Safety Manager. The affected component is the POLO bootloader. An attacker with access to...

7.8CVSS4.4AI score0.00272EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.5 views

PT-2022-9730 · Amd +1 · Amd Secure Processor +1

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to a failure to validate the integer operand in the ASP bootloader, which may allow an attacker to introduce an integer overflow in the L2 directory table ...

8.8CVSS5.5AI score0.00491EPSS
Exploits0References55
OSV
OSV
added 2022/04/05 2:15 a.m.4 views

CVE-2021-42324

An issue was discovered on DCN Digital China Networks S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell...

7.4CVSS7.2AI score0.00614EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.5 views

The vulnerability of the NPort IAW5250A-6I/O serial interface converter lies in its information disclosure capabilities, which allow attackers to gain access to confidential information or modify the device’s firmware.

The vulnerability of the NPort IAW5250A-6I/O serial interface converter is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or modify the device’s firmware...

9.4CVSS5.5AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.5 views

Intel NUC 访问控制错误漏洞

The Intel NUC is a small minicomputer from Intel USA. An Access Control Error vulnerability exists in the Intel NUC 11 Gen Intel Serial IO driver, which stems from a default privilege management error in the product's installer. An attacker could use this vulnerability to cause a denial of servic...

7.8CVSS7.4AI score0.00238EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.6 views

The vulnerability of the serial interface converters NPort IA5150A/IA5250A, IA5450A lies in their lack of access control mechanisms. This allows attackers to circumvent existing security restrictions and gain increased privileges.

The vulnerability of the serial interface converters NPort IA5150A/IA5250A, IA5450A is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions and gain increased privileges...

9.4CVSS6.5AI score0.00691EPSS
Exploits0References3Affected Software3
CNVD
CNVD
added 2020/05/06 12:0 a.m.3 views

Ubiquiti Networks UniFi Cloud Key Access Control Error Vulnerability

Ubiquiti Networks UniFi Cloud Key is a secret key device that supports management of UniFi networks from Ubiquiti Networks USA. An Access Control Error vulnerability exists in the Ubiquiti Networks UniFi Cloud Key gen2 and Cloud Key gen2 Plus using firmware version 1.1.10 and earlier, which can b...

7.2CVSS7.2AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2020/05/02 4:15 p.m.2 views

CVE-2020-8157

UniFi Cloud Key firmware = v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface UART...

6.8CVSS5.8AI score0.00341EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/05/02 3:19 p.m.20 views

CVE-2020-8157

UniFi Cloud Key firmware = v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface UART...

6.7AI score0.00341EPSS
Exploits0References2
CNVD
CNVD
added 2020/03/09 12:0 a.m.4 views

Unspecified Vulnerability in XIAOMI AI speaker MDZ-25-DT

Xiaomi AI speaker MDZ-25-DT is a smart speaker device from Chinese company Xiaomi Technology Xiaomi. A security vulnerability exists in XIAOMI AI speaker MDZ-25-DT version 1.34.36 and 1.40.14. An attacker can exploit this vulnerability by sending a UART interface to obtain a root shell, read the...

7.2CVSS6.9AI score0.00559EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/01/13 12:0 a.m.3 views

The vulnerability of Siemens S7-1200 microprogramming software lies in the presence of unsafe functions during physical connection via the UART interface. This allows attackers to obtain additional diagnostic information during the device loading process.

The vulnerability of Siemens S7-1200 microprogramming software is related to the presence of unsafe functions during physical connection via the UART interface. Exploiting this vulnerability can allow an attacker to obtain additional diagnostic information during the device loading process...

6.8CVSS6.6AI score0.00532EPSS
Exploits0References3
NVD
NVD
added 2020/01/06 9:15 p.m.16 views

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...

7.2CVSS6.9AI score0.0056EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/01/06 8:31 p.m.16 views

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks...

6.9AI score0.0056EPSS
Exploits1References1
OSV
OSV
added 2019/12/11 11:15 p.m.7 views

CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections...

6.8CVSS7AI score0.01022EPSS
Exploits1References1
CNVD
CNVD
added 2019/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1200 CPU Access Vulnerability

Siemens SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A security vulnerability exists in the Siemens SIMATIC S7-1200 CPU. An attacker could exploit this security...

6.8AI score
Exploits0References1
Rows per page
Query Builder