Lucene search
K

39 matches found

Vulnrichment
Vulnrichment
added 2023/07/19 9:50 p.m.14 views

CVE-2023-37362 Weintek Weincloud Improper Authentication

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website...

7.2CVSS8.7AI score0.00511EPSS
Exploits0References1
CVE
CVE
added 2023/07/19 9:47 p.m.51 views

CVE-2023-32657

CVE-2023-32657 affects Weintek Weincloud v0.13.6 (Account API) and prior, described as Improper Restriction of Excessive Authentication Attempts. The provided documents state an attacker could efficiently develop brute-force attacks on credentials by exploiting authentication hints in error messa...

7.5CVSS6.5AI score0.00434EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/19 9:47 p.m.12 views

CVE-2023-32657 Weintek Weincloud Improper Restriction of Excessive Authentication Attempts

Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...

5.3CVSS7.1AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/19 9:47 p.m.23 views

CVE-2023-32657 Weintek Weincloud Improper Restriction of Excessive Authentication Attempts

Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...

5.3CVSS7.8AI score0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/19 9:45 p.m.20 views

CVE-2023-34429 Weintek Weincloud Improper Handling of Structural Elements

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...

7.5CVSS7.6AI score0.00531EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/19 9:45 p.m.11 views

CVE-2023-34429 Weintek Weincloud Improper Handling of Structural Elements

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token...

7.5CVSS6.8AI score0.00531EPSS
Exploits0References1
CVE
CVE
added 2023/07/19 9:45 p.m.2496 views

CVE-2023-34429

CVE-2023-34429 affects Weintek Weincloud v0.13.6, where processing of a forged JWT token can cause a denial-of-service. The connected ICS/nvd entries corroborate the DoS impact and indicate remediation: Weincloud account API updated to v0.13.8 (no action required by users beyond this update). No ...

7.5CVSS7.6AI score0.00531EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/19 9:43 p.m.2513 views

CVE-2023-35134

CVE-2023-35134 affects Weintek Weincloud v0.13.6, where an attacker could reset an account’s password using only the JWT token. The ICS advisory notes an authenticated/remote exposure with the account API; CISA recommends upgrading to the fixed account API version (v0.13.8) and applying standard ...

7.4CVSS6.7AI score0.00376EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/19 9:43 p.m.17 views

CVE-2023-35134 Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only...

7.4CVSS7AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/19 9:43 p.m.24 views

CVE-2023-35134 Weintek Weincloud Weak Password Recovery Mechanism for Forgotten Password

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only...

7.4CVSS7.6AI score0.00376EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.5 views

Weintek Weincloud 安全漏洞

Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. A security vulnerability exists in Weintek Weincloud version v0.13.6, which originates from an attacker who can effectively brute-force an attack on credentials by exploiting an authentication prompt in an error message...

7.5CVSS7.3AI score0.00434EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.6 views

Weintek Weincloud 授权问题漏洞

Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. An authorization issue vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to reset passwords using only the JWT token of the corresponding account...

7.4CVSS6AI score0.00376EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.4 views

Weintek Weincloud 安全漏洞

Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. A security vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to cause a denial of service by sending a forged JWT token...

7.5CVSS7.3AI score0.00531EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.6 views

PT-2023-25159 · Weintek · Weintek Weincloud

Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to reset a password using the corresponding account's JWT token only. No information is provided about the estimated number of potentially affected devices worldwide o...

7.4CVSS5.8AI score0.00376EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.6 views

Weintek Weincloud 授权问题漏洞

Weintek Weincloud is a cloud-based monitoring platform from Weintek, Inc. An authorization issue vulnerability exists in Weintek Weincloud version v0.13.6, which stems from a vulnerability that could allow an attacker to abuse the registration feature and log in to the official website using test...

8.8CVSS8AI score0.00511EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.6 views

PT-2023-25932 · Weintek · Weintek Weincloud

Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue allows an attacker to abuse the registration functionality to login with testing credentials to the official website. Recommendations: For Weintek Weincloud version 0.13.6, consider...

8.8CVSS8.5AI score0.00511EPSS
Exploits0References5
CISA
CISA
added 2023/07/18 12:0 p.m.7 views

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...

7AI score
Exploits0References7
ICS
ICS
added 2023/07/18 6:0 a.m.61 views

Weintek Weincloud

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper...

8.8CVSS7.7AI score0.00531EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.4 views

PT-2023-5704 · Weintek · Weintek Weincloud

Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6 Description: The issue is related to the incorrect handling of construction elements in the Weincloud cloud platform for managing industrial devices. An attacker could exploit this by sending a forged JWT toke...

7.8CVSS7.3AI score0.00531EPSS
Exploits0References7
Rows per page
Query Builder