Lucene search
+L

90 matches found

ATTACKERKB
ATTACKERKB
added 2021/12/06 6:15 p.m.3 views

CVE-2021-43936

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...

10CVSS7.6AI score0.35804EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2021/12/06 6:15 p.m.5 views

CVE-2021-43931

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...

9.8CVSS5.8AI score0.01392EPSS
Exploits0References1
NVD
NVD
added 2021/12/06 6:15 p.m.29 views

CVE-2021-43931

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...

9.8CVSS0.01392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/06 6:15 p.m.2 views

CVE-2021-43931

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...

9.8CVSS7.2AI score0.01392EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/12/06 6:15 p.m.13 views

Authentication flaw

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...

7.5CVSS9.5AI score0.01392EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/06 6:15 p.m.10 views

Code injection

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...

10CVSS9.7AI score0.35804EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2021/12/06 5:40 p.m.54 views

CVE-2021-43931

The affected product is Distributed Data Systems WebHMI (SCADA) prior to version 4.1. The issue is a vulnerability titled Authentication Bypass by Primary Weakness (CWE-305): the authentication algorithm is sound, but the implemented mechanism can be bypassed due to a separate weakness that is pr...

9.8CVSS9.6AI score0.01392EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/06 5:40 p.m.29 views

CVE-2021-43931 Distributed Data Systems WebHM

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...

9.8CVSS9.7AI score0.01392EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/06 5:39 p.m.35 views

CVE-2021-43936 Distributed Data Systems WebHM

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...

10CVSS10AI score0.35804EPSS
Exploits5References2
CVE
CVE
added 2021/12/06 5:39 p.m.152 views

CVE-2021-43936

The CVE-2021-43936 issue affects WebHMI firmware versions prior to 4.1, enabling an Unrestricted Upload of File with Dangerous Type that can lead to arbitrary code execution. ExploitDB documents a WebHMI 4.0 RCE path requiring authentication, where an uploaded PHP payload and a reverse-shell work...

10CVSS9.7AI score0.35804EPSS
Exploits5References2Affected Software1
CISA
CISA
added 2021/12/06 12:0 a.m.14 views

CISA Releases Security Advisory on WebHMI Vulnerabilities

CISA has released an Industrial Controls Systems ICS advisory detailing vulnerabilities in Distributed Data Systems WebHMI products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review ICS advisory...

7AI score
Exploits0References1
CNVD
CNVD
added 2021/12/04 12:0 a.m.25 views

Distributed Data Systems WebHmi Authorization Issues Vulnerability

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...

9.8CVSS9.5AI score0.01392EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/04 12:0 a.m.36 views

Distributed Data Systems WebHMI File Upload Vulnerability

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...

10CVSS9.5AI score0.35804EPSS
Exploits5References1
CNNVD
CNNVD
added 2021/12/02 12:0 a.m.22 views

Distributed Data Systems WebHmi 授权问题漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...

9.8CVSS5.7AI score0.01392EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/12/02 12:0 a.m.28 views

Distributed Data Systems WebHmi 代码问题漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...

10CVSS6.5AI score0.35804EPSS
Exploits5References9
ICS
ICS
added 2021/12/02 12:0 a.m.54 views

Distributed Data Systems WebHMI

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Distributed Data Systems Equipment: WebHMI Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of...

10CVSS10AI score0.35804EPSS
Exploits5References5
OSV
OSV
added 2019/05/22 6:29 p.m.4 views

CVE-2019-11536

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...

9.8CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2019/05/22 5:46 p.m.13 views

CVE-2019-11536

Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...

9.4AI score0.01902EPSS
Exploits0References2
Prion
Prion
added 2019/03/26 8:29 p.m.11 views

Command injection

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component...

9CVSS8.9AI score0.03463EPSS
Exploits0References2
NVD
NVD
added 2019/03/26 8:29 p.m.17 views

CVE-2019-9743

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component...

9CVSS9AI score0.03463EPSS
Exploits0References2
Rows per page
Query Builder