21 matches found
EUVD-2021-29010
Malicious code in bioql PyPI...
EUVD-2021-31071
Malicious code in bioql PyPI...
EUVD-2021-31070
Malicious code in bioql PyPI...
CVE-2021-42022
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the...
Siemens SIMATIC eaSie Input Validation Error Vulnerability
SIMATIC eaSie, the digital assistant for automation and process control technology in the Siemens Automation Concept "Total Integrated Automation", is vulnerable to an input validation error that could be exploited by remote attackers to trigger a denial of service on the affected system...
Siemens SIMATIC eaSie Authentication Error Vulnerability
SIMATIC eaSie, the digital assistant for automation and process control technology in the Siemens Automation Concept "Total Integrated Automation", is vulnerable to an authentication error that could be exploited by a remote, unauthenticated attacker to send arbitrary messages to the service,...
CVE-2021-44222
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and...
CVE-2021-44221
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system...
Input validation
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system...
Default configuration
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and...
CVE-2021-44222
A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and...
CVE-2021-44222
CVE-2021-44222 affects Siemens SIMATIC eaSie Core Package: all versions before v22.00 with the MQTT service that does not perform authentication by default, allowing an unauthenticated remote attacker to send arbitrary messages and issue arbitrary requests within the affected system. MITRE CVSSv3...
CVE-2021-44221
CVE-2021-44221 affects Siemens SIMATIC eaSie Core Package (all versions before v22.00). The underlying issue is improper input validation in the message passing framework, allowing a remote attacker to trigger a denial of service. ICSA/Siemens advisories cite a CVSSv3 base score of 7.5 (AV:N/AC:L...
Siemens SIMATIC eaSie Core Package
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC eaSie Vulnerabilities: Improper Input Validation, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) Arbitrary File Download Vulnerability
SIMATIC eaSie is the digital assistant automation concept for Siemens Automation and Process Control Technology, "Totally Integrated Automation". SIMATIC eaSie PCS 7 Skill Package 6DL5424-0BX00-0AV8 arbitrary file download vulnerability can be exploited by an attacker to read arbitrary files...
CVE-2021-42022
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the...
Design/Logic Flaw
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the...
CVE-2021-42022
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the...
CVE-2021-42022
CVE-2021-42022 affects Siemens SIMATIC eaSie PCS 7 Skill Package: all versions before 21.00 SP3 are vulnerable to path traversal during file downloads. The issue arises from improper neutralization of elements in the pathname, allowing an attacker to resolve the path outside the restricted direct...
Siemens SIMATIC eaSie PCS 7 Skill Package
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC eaSie PCS 7 Skill Package Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to read...