31 matches found
EUVD-2022-34378
Malicious code in bioql PyPI...
EUVD-2022-34394
Malicious code in bioql PyPI...
CVE-2022-2106
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2088
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
CVE-2022-2140
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2106
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2088
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
CVE-2022-2088
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
CVE-2022-2140
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2140
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
Authentication flaw
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
Design/Logic Flaw
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0...
Path traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106
Elcomplus SmartICS Web HMI v2.3.4.0 exposes a relative path traversal due to insufficient filename validation. An authenticated administrator can specify arbitrary files, enabling potential exposure of sensitive data. Mitigation: upgrade to SmartICS 2.4 (patch released) and apply network/access c...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2106 Elcomplus SmartICS Path Traversal
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2140
CVE-2022-2140 affects Elcomplus SmartICS Web-based HMI (v2.3.4.0). The vulnerability arises because input is not neutralized, enabling an authenticated user to inject arbitrary code into specific parameters. CVSSv3.1 base score in advisories is 8.8 (HIGH) with NETWORK attack vector, LOW complexit...
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...
CVE-2022-2088
CVE-2022-2088 affects Elcomplus SmartICS v2.3.4.0. The root cause is an improper access control vulnerability that allows an authenticated user with admin privileges to terminate any process on the system running SmartICS. This is documented in multiple sources including the CISA ICS advisory (IC...