19 matches found
CVE-2024-5990
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device...
CVE-2024-5988
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...
Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which...
CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...
CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...
Security feature bypass
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potentia...
CVE-2023-39335
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potentia...
Information disclosure
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is larg...
CVE-2023-29464 Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is larg...
Design/Logic Flaw
In Rockwell Automation PanelView 5510 all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later, a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12774
CVE-2019-12774 is a stored XSS vulnerability in ENTTEC Datagate Mk2 Web Configuration (70044_update_05032019-482). The issue allows an unauthenticated attacker to inject code via fields such as Profile Description in the Profile Editor. Affected product line includes Datagate Mk2 (and related dev...
Hardcoded credentials
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service...
CVE-2019-12440
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service...
CVE-2018-19391
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
Cross site scripting
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
CVE-2018-19391
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...
Code injection
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software t...