EUVD-2015-6416

Malware in sbrugna...

IBC Solar ServeMaster Cross-Site Scripting Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A cross-site scripting vulnerability exists in ServeMaster TLP+ and Danfoss TLX Pro+. An attacker could exploit this vulnerability to perform XSS attacks...

IBC Solar ServeMaster Source Code Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A source code vulnerability exists in IBC Solar ServeMaster. An attacker could exploit this vulnerability to obtain source code for executable scripts...

IBC Solar ServeMaster Plain Text Password Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A plain text password vulnerability exists in ServeMaster TLP+ and Danfoss TLX Pro+. An attacker can exploit this vulnerability to obtain a plain text password by viewing the web page source code...

CVE-2015-6475

Multiple cross-site scripting XSS vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-6474

IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...

CVE-2015-6469

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors...

Code injection

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-6474

The CVE-2015-6474 entry concerns IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ where an attacker can discover cleartext passwords by viewing the HTML source of web pages. Affected products are web-based SCADA systems; the root cause is improper handling/storage of credentials leading to exposur...

CVE-2015-6475

CVE-2015-6475 involves multiple cross-site scripting (XSS) vulnerabilities in the web-based SCADA products served by IBC Solar: ServeMaster TLP+ and Danfoss TLX Pro+. The public records describe XSS as the underlying issue enabling an attacker to inject arbitrary web script or HTML via unspecifie...

CVE-2015-6469

CVE-2015-6469 affects IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ where an interpreter misconfiguration allows remote disclosure of executable script source code. Affected products are web-based SCADA systems; attacker could obtain source code via unspecified vectors. ICS-CERT reports no patc...

CVE-2015-6475

Multiple cross-site scripting XSS vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-6474

IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...

CVE-2015-6469

The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors...

IBC Solar ServeMaster Source Code Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified three vulnerabilities in IBC Solar products. The vulnerabilities are disclosure of applications source code, plain text passwords, and cross site scripting. IBC Solar has not produced a patch to mitigate these vulnerabilities. These...