19 matches found

NVD
added 2024/06/25 4:15 p.m. | 23 views

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device...

CVSS 8.7 | EPSS 0.02254
Exploits: 0 | References: 1
NVD
added 2024/06/25 4:15 p.m. | 18 views

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...

CVSS 9.8 | EPSS 0.02654
Exploits: 0 | References: 1
The Hacker News
added 2024/05/06 2:0 p.m. | 21 views

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which...

CVSS 9.8 | AI score 8.4 | EPSS 0.63076
Exploits: 2
NVD
added 2024/03/31 2:15 a.m. | 26 views

CVE-2023-41724

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...

CVSS 9.6 | AI score 9.5 | EPSS 0.12844
Exploits: 0 | References: 1
Cvelist
added 2024/03/31 1:45 a.m. | 36 views

CVE-2023-41724

A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...

CVSS 9.6 | AI score 9.2 | EPSS 0.12844
Exploits: 0 | References: 1
Prion
added 2023/11/15 12:15 a.m. | 16 views

Security feature bypass

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potentia...

CVSS 7.5 | AI score 7.2 | EPSS 0.02278
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/11/14 11:18 p.m. | 17 views

CVE-2023-39335

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potentia...

AI score 9.6 | EPSS 0.02278
Exploits: 0 | References: 1
Prion
added 2023/10/13 1:15 p.m. | 24 views

Information disclosure

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is larg...

CVSS 6.4 | AI score 8.8 | EPSS 0.09603
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/10/13 12:57 p.m. | 43 views

CVE-2023-29464 Rockwell Automation FactoryTalk Linx Vulnerable to Denial-of-Service and Information Disclosure

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is larg...

CVSS 8.2 | AI score 9.1 | EPSS 0.09603
Exploits: 0 | References: 1
Prion
added 2019/07/11 8:15 p.m. | 11 views

Design/Logic Flaw

In Rockwell Automation PanelView 5510 all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later, a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and...

CVSS 10 | AI score 9.6 | EPSS 0.04597
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2019/06/07 4:29 p.m. | 29 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVSS 6.1 | AI score 7.2 | EPSS 0.00821
Exploits: 1 | References: 1
Cvelist
added 2019/06/07 3:6 p.m. | 44 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

AI score 6.4 | EPSS 0.00821
Exploits: 1 | References: 1
CVE
added 2019/06/07 3:6 p.m. | 62 views

CVE-2019-12774

CVE-2019-12774 is a stored XSS vulnerability in ENTTEC Datagate Mk2 Web Configuration (70044_update_05032019-482). The issue allows an unauthenticated attacker to inject code via fields such as Profile Description in the Profile Editor. Affected product line includes Datagate Mk2 (and related dev...

CVSS 6.1 | AI score 6.3 | EPSS 0.00821
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2019/05/29 4:29 p.m. | 12 views

Hardcoded credentials

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service...

CVSS 7.5 | AI score 9.6 | EPSS 0.02126
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/05/29 3:3 p.m. | 12 views

CVE-2019-12440

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service...

AI score 9.7 | EPSS 0.02126
Exploits: 0 | References: 3
NVD
added 2019/03/15 4:29 p.m. | 9 views

CVE-2018-19391

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...

CVSS 6.1 | AI score 6.4 | EPSS 0.00726
Exploits: 1 | References: 2
Prion
added 2019/03/15 4:29 p.m. | 12 views

Cross site scripting

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...

CVSS 4.3 | AI score 6.4 | EPSS 0.00726
Exploits: 1 | References: 2 | Affected Software: 2
Cvelist
added 2019/03/15 4:0 p.m. | 12 views

CVE-2018-19391

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field...

AI score 6.5 | EPSS 0.00726
Exploits: 1 | References: 2
Prion
added 2018/09/20 7:29 p.m. | 17 views

Code injection

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software t...

CVSS 5 | AI score 7.8 | EPSS 0.04495
Exploits: 1 | References: 2 | Affected Software: 1