The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 allows a intruder to execute arbitrary code.

The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the server for computer control and monitoring systems of Emerson Dixell XWEB-500 allows a intruder to disclose protected information.

The vulnerability of the server for computer control and monitoring of refrigeration equipment from Emerson Dixell XWEB-500 is related to the lack of protection for operational data. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...

CVE-2021-45421

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

Information disclosure

UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed ...

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication...

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

CVE-2021-45420

Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...

CVE-2021-45421

Summary (CVE-2021-45421): Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A misconfiguration in the embedded web server allows an attacker to access files in remote directories. The affected device is described as no longer supported since 2018 and s...

CVE-2021-45421

Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...

Emerson Xweb-500 授权问题漏洞

Emerson Xweb-500 is a data logging and remote monitoring system based on Web server technology from Emerson Electric Company USA. An authorization issue vulnerability exists in Emerson Xweb-500 that arises from the Emerson Dixell XWEB-500 product being affected by /cgi-bin/logoextraupload.cgi,...

Emerson Dixell XWEB-500 信息泄露漏洞

The Emerson Xweb-500 is a data logging and remote monitoring system based on Web server technology from Emerson Electric Company USA. An information disclosure vulnerability exists in the Emerson Dixell XWEB-500 that stems from the Emerson Dixell XWEB-500 product being affected by information...

PT-2022-7246 · Emerson · Emerson Dixell Xweb-500

Name of the Vulnerable Software and Affected Versions: Emerson Dixell XWEB-500 affected versions not specified Description: The issue is related to information disclosure via directory listing, allowing a potential attacker to access all files in remote directories. This is due to a...

Dixell XWEB 500 - Arbitrary File Write Vulnerability

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...

Dixell XWEB 500 Arbitrary File Write

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...

Dixell XWEB 500 - Arbitrary File Write

Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...