90 matches found
CVE-2021-43936
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43931
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
CVE-2021-43931
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
CVE-2021-43931
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
Authentication flaw
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
Code injection
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43931
The affected product is Distributed Data Systems WebHMI (SCADA) prior to version 4.1. The issue is a vulnerability titled Authentication Bypass by Primary Weakness (CWE-305): the authentication algorithm is sound, but the implemented mechanism can be bypassed due to a separate weakness that is pr...
CVE-2021-43931 Distributed Data Systems WebHM
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...
CVE-2021-43936 Distributed Data Systems WebHM
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution...
CVE-2021-43936
The CVE-2021-43936 issue affects WebHMI firmware versions prior to 4.1, enabling an Unrestricted Upload of File with Dangerous Type that can lead to arbitrary code execution. ExploitDB documents a WebHMI 4.0 RCE path requiring authentication, where an uploaded PHP payload and a reverse-shell work...
CISA Releases Security Advisory on WebHMI Vulnerabilities
CISA has released an Industrial Controls Systems ICS advisory detailing vulnerabilities in Distributed Data Systems WebHMI products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review ICS advisory...
Distributed Data Systems WebHmi Authorization Issues Vulnerability
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...
Distributed Data Systems WebHMI File Upload Vulnerability
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...
Distributed Data Systems WebHmi 授权问题漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...
Distributed Data Systems WebHmi 代码问题漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. A file upload vulnerability...
Distributed Data Systems WebHMI
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Distributed Data Systems Equipment: WebHMI Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of...
CVE-2019-11536
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...
CVE-2019-11536
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...
Command injection
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component...
CVE-2019-9743
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component...