CVE-2026-25951

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences e.g., ....//, an...

Kabona AB WDC Open Redirect Vulnerability (CNVD-2016-09845)

Kabona AB WDC is a web-based SCADA system from the Swedish company Kabona AB. An open redirection vulnerability exists in Kabona AB WDC versions prior to 3.4.0. An attacker can exploit this vulnerability to redirect users to a malicious page...

Kabona AB WDC Open Redirect Vulnerability

Kabona AB WDC is a web-based SCADA system from the Swedish company Kabona AB. An open redirection vulnerability exists in Kabona AB WDC versions prior to 3.4.0. An attacker can exploit this vulnerability to redirect users to a malicious page...

Advantech WebAccess Vulnerabilities

OVERVIEW Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher have identified multiple vulnerabilities in Advantech WebAccess application. Many of these vulnerabilities were reported through the Zero Day...

ESC 8832 Unauthorized Access Vulnerability

ESC 8832 is a Web-based SCADA system from ESC Corporation. A security vulnerability exists in ESC 8832 version 3.02 and earlier. A remote attacker can exploit this vulnerability to gain unauthorized access by performing a brute force attack on the parameters...

Meteocontrol WEB'log Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...

IBC Solar ServeMaster Source Code Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A source code vulnerability exists in IBC Solar ServeMaster. An attacker could exploit this vulnerability to obtain source code for executable scripts...

IBC Solar ServeMaster Source Code Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified three vulnerabilities in IBC Solar products. The vulnerabilities are disclosure of applications source code, plain text passwords, and cross site scripting. IBC Solar has not produced a patch to mitigate these vulnerabilities. These...

Schneider Electric ETG3000 FactoryCast HMI Gateway Unauthorized Access Vulnerability

The Schneider Electric ETG3000 FactoryCast HMI Gateway is a Web-based SCADA system. An unauthorized access vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway, which could be exploited by an attacker to gain unauthorized access to sensitive information, such as...

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...