Lucene search
K

48 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.10 views

Vertiv Liebert SiteScan Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

9.2CVSS5.9AI score0.00287EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

5.4CVSS5.8AI score0.00106EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-9196

Malware in sbrugna...

9.8CVSS9.5AI score0.03521EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.16 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-9640)

A Path Traversal issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

6.5CVSS6.8AI score0.0845EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.19 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unrestricted Upload of File with Dangerous Type (CVE-2017-9650)

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu,...

7.8CVSS7.6AI score0.02368EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.22 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unrestricted Upload of File with Dangerous Type (CVE-2017-9650)

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu,...

7.8CVSS7.6AI score0.02368EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.24 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unquoted Search Path or Element (CVE-2017-9644)

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5....

7CVSS7.7AI score0.01411EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.21 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.5AI score0.02239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.20 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-9640)

A Path Traversal issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

6.5CVSS6.8AI score0.0845EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.27 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Unquoted Search Path or Element (CVE-2017-9644)

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5....

7CVSS7.7AI score0.01411EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.23 views

Automated Logic Corporation WebCTRL, i-VU, SiteScan Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-9640)

A Path Traversal issue was discovered in Automated Logic Corporation ALC ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An...

6.5CVSS6.8AI score0.0845EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.37 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.5AI score0.02239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.30 views

Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)

An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...

9.8CVSS8.8AI score0.03521EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.27 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.5AI score0.02239EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/10/05 12:0 a.m.7 views

The vulnerability of Liebert SiteScan, a web-based system for controlling critical equipment, stems from an improper limitation on XML links to external objects. This allows a violator to access confidential information.

The vulnerability of the Liebert SiteScan web-based critical equipment monitoring system lies in improper restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information by using specially crafted XML requests...

5CVSS7.8AI score0.03521EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2017/08/31 9:29 p.m.22 views

CVE-2016-5795

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS7.4AI score0.02239EPSS
Exploits0References2
Prion
Prion
added 2017/08/31 9:29 p.m.15 views

Design/Logic Flaw

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5CVSS8AI score0.02239EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2017/08/31 9:29 p.m.5 views

CVE-2016-5795

An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.3CVSS6AI score0.02239EPSS
Exploits0References2
Rows per page
Query Builder