128 matches found
CVE-2025-27253
A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-27255
This CVE concerns GE Vernova EnerVista UR Setup. The vulnerability arises from hard-coded credentials used to encrypt the local user database, with the credential password retrievable by analyzing the application code. A local attacker could leverage this to escalate privileges on the affected sy...
CVE-2025-27255
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code...
GE Vernova EnerVista UR 访问控制错误漏洞
GE Vernova EnerVista UR is a device configuration tool from GE Vernova USA that is compatible with all UR relay applications. An access control error vulnerability exists in the GE Vernova EnerVista UR that stems from a lack of critical function authentication, which could lead to authentication...
Maritime lawyers assemble!
Maritime cyber insurance has been playing catch-up with maritime cyber security for a while now. It was all pretty good until the availability of cheap VSAT meant that ships became constantly connected. Vessels were mostly not connected at sea, other than Fleet Broadband connections, rarely used...
What goes into testing a ship?
TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...
Pen testing cruise ships
New build ships contracted for build from 1st July 2024 must comply with IACS UR E26 & 27. What does this mean for assessing the cyber security of a cruise ship? What’s the risk profile? Cruise ships have a unique risk profile. This is due to the huge number of guests on board, highly complex...
ur-lr.or.jp Cross Site Scripting vulnerability OBB-3935179
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ur-alde.com Improper Access Control vulnerability OBB-3814271
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chefgourmet.ch Cross Site Scripting vulnerability OBB-3786939
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ur-bar.de Cross Site Scripting vulnerability OBB-3743978
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-43260
Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting XSS vulnerability via the admin panel...
Milesight Cross-Site Scripting Vulnerability
Milesight is a complete Artificial Intelligence Video Surveillance solution from China's StarZone IOT Milesight. A cross-site scripting vulnerability exists in Ursalink Milesight UR5X, UR32L, UR32, UR35, UR41 , Industrial Cellular Routers prior to v35.3.0.7, which stems from the admin panel being...
ur-bane.com Cross Site Scripting vulnerability OBB-3673807
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ur-biowooeb.cirad.fr Cross Site Scripting vulnerability OBB-3490326
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ur-aida.cirad.fr Cross Site Scripting vulnerability OBB-3490318
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-24406
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Muneeb ur Rehman Simple PopUp plugin = 1.8.6 versions...
CVE-2023-24406 WordPress Simple Popup Images Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Muneeb ur Rehman Simple PopUp plugin = 1.8.6 versions...
CVE-2023-24406
The CVE-2023-24406 entry describes a Stored XSS in WordPress Simple Popup Images Plugin (admin+). Affected: Simple Popup plugin, versions