Hanwha Vision Camera Improper Neutralization of Input During Web Page Generation (CVE-2025-8075)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56781)

powerpc/prominit: missing powermac size-cells. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504722; scriptversion"1.2";...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

Siemens SIMATIC S7-1500 Improper Neutralization of Input During Web Page Generation (CVE-2016-3709)

Possible cross-site scripting vulnerability in libxml after commit 960f0e2. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504354;...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2021-43396)

DISPUTED In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor...

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2023-28531)

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Allocation of Resources Without Limits or Throttling (CVE-2024-42082)

xdp: unused WARN in xdpregmemmodel. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503577; scriptversion"1.3";...

EUVD-2023-12569

Malicious code in bioql PyPI...

Wago CODESYS V2 Web-Server Stack-based Buffer Overflow (CVE-2021-30189)

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503317; scriptversion"1.3...

Fedora 42 : vim (2025-9395406660)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9395406660 advisory. The newest upstream commit Security fixes for CVE-2025-53906, CVE-2025-53905 Tenable has extracted the preceding description block directly from the...

CVE-2023-0524

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue...

Geo Vision EoL Devices Improper Neutralization of Special Elements used in an OS Command (CVE-2024-11120)

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

Device Status Query Detected (High)

A status query has been sent to the device, which might indicate a reconnaissance activity. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503184...

Device Status Modification Detected (High)

Changes in the controller state can stop operations altogether or start an operation that should not have been started. These operations can be used by an attacker to disrupt normal operation, cause production losses, or create safety concerns. This plugin only works with Tenable.ot. Please visit...

Photon OS 5.0: Postgresql14 PHSA-2025-5.0-0490

An update of the postgresql14 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0490. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Siemens SIMATIC S7-1500 TM MFP Buffer Access with Incorrect Length Value (CVE-2024-42154)

In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: validate source addr length I don't see anything checking that TCPMETRICSATTRSADDRIPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all neither does it for IPv6 but v6 is manual...

Linux Distros Unpatched Vulnerability : CVE-2021-39257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain starting from ntfsattrpwrite, causing stack consumption in...

Linux Distros Unpatched Vulnerability : CVE-2015-3407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. CVE-2015-340...

Siemens SIMATIC S7-1500 TM MFP BIOS Double Free (CVE-2021-27645)

The nameserver caching daemon nscd in the GNU C Library aka glibc or libc6 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. This...

Siemens SIMATIC Devices Linux Kernel Use After Free (CVE-2022-1184)

A use-after-free flaw was found in fs/ext4/namei.c:dxinsertblock in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...