18 matches found
EUVD-2023-23786
Malicious code in bioql PyPI...
CVE-2023-1552
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
Deserialization of untrusted data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552
Summary: CVE-2023-1552 concerns GE Gas Power ToolBoxST before 7.10, with a deserialization vulnerability that lets an attacker execute code in a Toolbox user’s context by deserializing an untrusted configuration file. Affected software: ToolboxST versions prior to 7.10 (ToolboxST is a control-sys...
GE Gas Power ToolBoxST code issue vulnerability
GE Gas Power ToolBoxST is a control system toolbox from General Electric (GE) for process, SIL, excitation and power conversion. A security vulnerability exists in GE Gas Power ToolBoxST versions prior to 7.10, which stems from the presence of a deserialization vulnerability that can be exploited b...
PT-2023-17069 · Ge Gas Power · Controlst +1
Name of the Vulnerable Software and Affected Versions: ToolboxST versions prior to 7.10 Description: The issue is related to a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a...
CVE-2021-44477
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
CVE-2021-44477
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
XXE
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
CVE-2021-44477 GE Gas Power ToolBoxST Improper Restriction of XML External Entity Reference
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
CVE-2021-44477
CVE-2021-44477 affects GE Gas Power ToolBoxST OS running versions prior to 07.09.07C. It is an XML External Entity (XXE) vulnerability in the XML parser when processing project/template XML, using DTD parameter entities, potentially allowing disclosure of arbitrary data on the affected node via a...
CVE-2021-44477 GE Gas Power ToolBoxST Improper Restriction of XML External Entity Reference
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
The vulnerability of the software for configuring and diagnosing processes in ToolboxST arises from improper restrictions on XML references to external objects, which allows attackers to disclose sensitive information.
The vulnerability of the software for configuring and diagnosing processes in ToolboxST is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
GE Gas Power ToolBoxST code issue vulnerability
GE Gas Power ToolBoxST is a control system toolbox from General Electric (GE) for process, SIL, excitation, and power conversion. A code issue vulnerability exists in GE Gas Power ToolBoxST version v04.07.05C, which can be exploited by an attacker to disclose and retrieve arbitrary data on an...
GE Gas Power ToolBoxST
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result...