39 matches found
CVE-2023-37362 Weintek Weincloud Improper Authentication
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website...
CVE-2023-32657
CVE-2023-32657 affects Weintek Weincloud v0.13.6 (Account API) and prior, described as Improper Restriction of Excessive Authentication Attempts. The provided documents state an attacker could efficiently develop brute-force attacks on credentials by exploiting authentication hints in error messa...
CVE-2023-32657 Weintek Weincloud Improper Restriction of Excessive Authentication Attempts
Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...
CVE-2023-32657 Weintek Weincloud Improper Restriction of Excessive Authentication Attempts
Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...
CVE-2023-34429 Weintek Weincloud Improper Handling of Structural Elements
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...
CVE-2023-34429 Weintek Weincloud Improper Handling of Structural Elements
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...
CVE-2023-34429
CVE-2023-34429 affects Weintek Weincloud v0.13.6, where processing of a forged JWT token can cause a denial-of-service. The connected ICS/nvd entries corroborate the DoS impact and indicate remediation: Weincloud account API updated to v0.13.8 (no action required by users beyond this update). No ...
CVE-2023-35134
CVE-2023-35134 affects Weintek Weincloud v0.13.6, where an attacker could reset an account’s password using only the JWT token. The ICS advisory notes an authenticated/remote exposure with the account API; CISA recommends upgrading to the fixed account API version (v0.13.8) and applying standard ...
CVE-2023-35134 Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only...
CVE-2023-35134 Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only...
Weintek Weincloud 安全漏洞
Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. A security vulnerability exists in Weintek Weincloud version v0.13.6, which originates from an attacker who can effectively brute-force an attack on credentials by exploiting an authentication prompt in an error message...
Weintek Weincloud 授权问题漏洞
Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. An authorization issue vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to reset passwords using only the JWT token of the corresponding account...
Weintek Weincloud 安全漏洞
Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. A security vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to cause a denial of service by sending a forged JWT token...
PT-2023-25159 · Weintek · Weintek Weincloud
Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to reset a password using the corresponding account's JWT token only. No information is provided about the estimated number of potentially affected devices worldwide o...
Weintek Weincloud 授权问题漏洞
Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. An authorization issue vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to abuse the registration feature and log in to the official website using test...
PT-2023-25932 · Weintek · Weintek Weincloud
Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to abuse the registration functionality to login with testing credentials to the official website. Recommendations: For Weintek Weincloud version 0.13.6, consider...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...
Weintek Weincloud
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: Weincloud Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper...
PT-2023-5704 · Weintek · Weintek Weincloud
Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue is related to the incorrect handling of construction elements in the Weincloud cloud platform for managing industrial devices. An attacker could exploit this by sending a forged JWT toke...