20 matches found
EUVD-2021-19722
Malware in sbrugna...
EUVD-2021-19746
Malware in sbrugna...
EUVD-2021-19742
Malware in sbrugna...
CVE-2021-33025
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges...
CVE-2021-33001
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code...
CVE-2021-33001
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code...
CVE-2021-33025
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges...
Cross site scripting
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code...
Cross site scripting
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code...
Code injection
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges...
CVE-2021-33025 xArrow SCADA Path Traversal
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges...
CVE-2021-33025 xArrow SCADA Path Traversal
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges...
CVE-2021-33021 xArrow SCADA Cross-site Scripting
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code...
CVE-2021-33021 xArrow SCADA Cross-site Scripting
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code...
CVE-2021-33001 xArrow SCADA Cross-site Scripting
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code...
CVE-2021-33001 xArrow SCADA Cross-site Scripting
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code...
CVE-2021-33001
The CVE-2021-33001 entry affects xArrow SCADA, version 7.2 and prior, where cross-site scripting can occur via the bdate parameter in xhisvalue.htm. The incident is documented in multiple sources (NVD entry for CVE-2021-33001 and CISA ICS advisory ICSA-21-229-03) confirming affected product, vuln...
xArrow SCADA 跨站脚本漏洞
xArrow SCADA is an installer for industrial control products from xArrow in China. A cross-site scripting vulnerability exists in xArrow SCADA. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execut...
xArrow SCADA 输入验证错误漏洞
xArrow SCADA is an installer for industrial control products from xArrow in China. An input validation error vulnerability exists in xArrow SCADA version 7.2 and prior versions, which arises from allowing unauthenticated registry entries to run with application-level privileges...
xArrow SCADA
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: xArrow Equipment: xArrow SCADA Vulnerabilities: Cross-site Scripting, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution...