CVE-2023-52496

Removed by vendor...

NSSLGlobal Technologies SatLink VSAT Modem Unit Cross-Site Scripting Vulnerability

The NSSLGlobal Technologies SatLink VSAT Modem Unit VMU is a VSAT Very Small Aperture Terminal modem from NSSLGlobal Technologies. A cross-site scripting vulnerability exists in the web interface in NSSLGlobal Technologies SatLink VMU versions prior to 18.1.0. The vulnerability stems from a lack ...

CVE-2019-15652

The web interface for NSSLGlobal SatLink VSAT Modem Unit VMU devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code...

CVE-2019-15652

The CVE-2019-15652 entry concerns the web interface of NSSLGlobal SatLink VSAT Modem Unit (VMU). A vulnerability in the VMU web UI prior to version 18.1.0 arises from inadequate sanitization of input in error messages, enabling injection of client-side code (XSS) via crafted input. Documents cons...

CVE-2017-5145

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY CSRF vulnerability can allow execution of unauthorized actions on the device such as configuration parameter...

CVE-2017-5146

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text...

CVE-2017-5144

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication...

Authentication flaw

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication...

Cross site request forgery (csrf)

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY CSRF vulnerability can allow execution of unauthorized actions on the device such as configuration parameter...

Code injection

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text...

CVE-2017-5146

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text...

CVE-2017-5145

The CVE-2017-5145 entry describes a CROSS-SITE REQUEST FORGERY (CSRF) vulnerability in Carlo Gavazzi VMU-C EM (firmware before A11_U05) and VMU-C PV (firmware before A17). Successful exploitation can allow unauthorized configuration changes and saving of modified configurations. Public guidance i...

CVE-2017-5144

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication...

CVE-2017-5146

CVE-2017-5146 affects Carlo Gavazzi VMU-C EM (before firmware A11_U05) and VMU-C PV (before firmware A17). The issue is that sensitive information is stored in clear text on these devices, constituting an information disclosure vulnerability. Public sources describe the affected products and firm...

CVE-2017-5144

The CVE-2017-5144 issue affects Carlo Gavazzi VMU-C EM (pre-A11_U05) and VMU-C PV (pre-A17) where an access control flaw allows access to most application functions without authentication. According to the ICS-CERT advisory, the root cause is an access-control weakness (CWE-284) enabling remote, ...

Cross-Site Request Forgery Vulnerability in Carlo Gavazzi Automation VMU-C EM and VMU-C PV

Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of the Italian company Carlo Gavazzi Automation. A cross-site request forgery vulnerability exists in the Carlo Gavazzi Automation VMU-C EM and VMU-C PV. A remote attacker can exploit the vulnerability b...

Carlo Gavazzi Automation VMU-C EM and VMU-C PV have unauthorized access vulnerabilities

Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of the Italian company Carlo Gavazzi Automation. An unauthorized access vulnerability exists in the Carlo Gavazzi Automation VMU-C EM and VMU-C PV. An unauthenticated attacker could exploit the...

Carlo Gavazzi Automation VMU-C EM and VMU-C PV suffer from information disclosure vulnerabilities

Carlo Gavazzi Automation VMU-C EM and VMU-C PV are control modules in the automation products of the Italian company Carlo Gavazzi Automation. The Carlo Gavazzi Automation VMU-C EM and VMU-C PV store sensitive information in clear text, allowing remote attackers to exploit the vulnerability to re...

Carlo Gavazzi VMU-C EM and VMU-C PV

CVSS V3 10 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Carlo Gavazzi Equipment: VMU-C EM, VMU-C PV Vulnerabilities: Access Control Flaws, CSRF, Sensitive Information Stored In Clear Text AFFECTED PRODUCTS Carlo Gavazzi reports that the vulnerabilities affect the following...