10 matches found
CVE-2024-41798
A vulnerability has been identified in SENTRON 7KM PAC3200 All versions. Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by...
CVE-2024-41798
A vulnerability has been identified in SENTRON 7KM PAC3200 All versions. Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by...
Siemens SENTRON PAC3200 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
CVE-2023-27983
CVE-2023-27983 is a Missing Authentication for Critical Function (CWE-306) vulnerability in Schneider Electric IGSS components. The issue resides in the Data Server TCP interface and could allow deletion of reports from the IGSS project report directory, leading to data loss. Affected products/ve...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
CVE-2023-27980
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...
Metasploit msfd Remote Code Execution Exploit
Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can al...
SUSE SLES12 Security Update : quagga (SUSE-SU-2017:2294-1)
This update provides Quagga 1.1.1, which brings several fixes and enhancements. Security issues fixed : - CVE-2017-5495: Telnet 'vty' interface DoS due to unbounded memory allocation. bsc1021669 - CVE-2016-1245: Stack overrun in IPv6 RA receive code. bsc1005258 Bug fixes : - Do not enable zebra's...