17 matches found
EUVD-2023-23786
Malicious code in bioql PyPI...
CVE-2023-1552
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
Deserialization of untrusted data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552
Summary: CVE-2023-1552 concerns GE Gas Power ToolBoxST before 7.10, with a deserialization vulnerability that lets an attacker execute code in a Toolbox user’s context by deserializing an untrusted configuration file. Affected software: ToolboxST versions prior to 7.10 (ToolboxST is a control-sys...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
PT-2023-17069 · GE Gas Power · ControlST +1
Name of the Vulnerable Software and Affected Versions: ToolboxST versions prior to 7.10. Description: The issue is related to a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a...
GE Gas Power ToolBoxST Code Issue Vulnerability
GE Gas Power ToolBoxST is a control system toolbox from General Electric GE for process, SIL, excitation and power conversion. A security vulnerability exists in GE Gas Power ToolBoxST versions prior to 7.10, which stems from the presence of a deserialization vulnerability that can be exploited b...
CVE-2021-44477
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2021-44477
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
XXE
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2021-44477 GE Gas Power ToolBoxST Improper Restriction of XML External Entity Reference
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2021-44477 GE Gas Power ToolBoxST Improper Restriction of XML External Entity Reference
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2021-44477
CVE-2021-44477 affects GE Gas Power ToolBoxST OS running versions prior to 07.09.07C. It is an XML External Entity (XXE) vulnerability in the XML parser when processing project/template XML, using DTD parameter entities, potentially allowing disclosure of arbitrary data on the affected node via a...
GE Gas Power ToolBoxST Code Issue Vulnerability
GE Gas Power ToolBoxST is a control system toolbox from General Electric GE for process, SIL, excitation, and power conversion. A code issue vulnerability exists in GE Gas Power ToolBoxST version v04.07.05C, which can be exploited by an attacker to disclose and retrieve arbitrary data on an...
GE Gas Power ToolBoxST
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result...