17 matches found
CVE-2026-4760
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
EUVD-2026-15402
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
CVE-2026-4760
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
CVE-2026-4760
From CVE-2026-4760, Panorama Web HMI allows an attacker to gain read access to certain Web HMI server files if the attacker knows the file paths and the files are accessible to the Servin process execution account. Affected installations include Panorama Suite 2022-SP1 (22.50.005) unless PS-2210-...
PT-2026-27761
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
Codra Panorama Suite 安全漏洞
Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. There is a security vulnerability in Codra Panorama Suite, which allows attackers to potentially read files on the Web HMI server...
CVE-2026-3611
The CVE-2026-3611 entry describes unauthenticated access to the Honeywell IQ4x BMS controller web UI in factory-default configurations. Affected devices expose the full HMI via HTTP without requiring authentication when no user module is configured, leaving the system running under a System Guest...
📄 Honeywell Trend IQ4 Unauthenticated Add Admin
This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...
CVE-2024-4105
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...
CVE-2024-4105
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...
CVE-2022-34756
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...
CVE-2022-34756
The CVE-2022-34756 affects Schneider Electric Easergy P5 (v01.401.102 and prior) and is caused by a CWE-120 buffer copy without checking input size. This vulnerability can lead to remote code execution or a crash of the device’s HTTPs Web HMI stack. Documented impact is high with a CVSS base scor...
Schneider Electric Easergy P5 安全漏洞
The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy P5 V01.401.102 and prior versions, which stems from a buffer copy vulnerability that does not check the...
CVE-2022-34756
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...
CVE-2016-10224
The CVE-2016-10224 entry concerns Sauter NovaWeb web HMI where a protection check relies on a cookie’s existence/values but does not verify that the cookie is valid for the associated user. Affected component: the web HMI protection mechanism. Root cause: inadequate validation of user-bound cooki...