B&R Industrial Automation Security Vulnerabilities

Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting

Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

CVE 30190 Amine TITROFINE | December 17, 2022 ...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...

Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure

Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA...

CVE-2024-2425 Rockwell Automation - Denial-of-service and Input Validation Vulnerabilities in PowerFlex® 527

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover...

RHEL 8 : Red Hat Ansible Automation Platform 2.0.1 Security and Bug fix Release (Important) (RHSA-2021:3874)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3874 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

CVE-2023-43123

On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...

CVE-2023-45674

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...

Exploit for Code Injection in Vmware Spring Framework

Spring4Shell-POC (CVE-2022-22965)...

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js and packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2024-31206 DESCRIPTION: **Node.js dectalk-tts module could allow a remote attacker to obtain sensitive information, caused by the use of...

CVE-2023-32171 Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...

CVE-2023-32171 Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...

Exploit for Code Injection in Crushftp

CVE-2024-4040 A server side template injection vulnerability...

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

Medium: microcode_ctl

Issue Overview: 2024-05-09: CVE-2022-33196 was added to this advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network...

Mitsubishi Electric Automation MC-WorX 8.x ActiveX Control Remote Code Execution

Mitsubishi Electric Automation MC-WorX version 8.x was detected on the remote Windows Host. It is, therefore, affected by a remote code execution vulnerability due a flaw in an included ActiveX control,...

CVE-2024-25125

Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to...

Exploit for Path Traversal in Grafana

CVE-2021-43798 – Grafana Exploit About This is a...

CVE-2024-37369 Rockwell Automation FactoryTalk® View SE Local Privilege Escalation Vulnerability via Local File Permissions

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...

Rockwell Automation Studio 5000 Logix Designer Improper Control of Generation of Code (CVE-2022-1159)

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. This plugin only works with Tenable.ot. Please visit...

Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft

CVE 30190 Amine TITROFINE | December 17, 2022 ...

CVE-2023-50222 Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit.....

CVE-2023-34264 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

CVE-2023-34262 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

Improper handling of JavaScript whitespace in html/template

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

Exploit for CVE-2022-21449

CVE-2022-21449-TLS-PoC CVE-2022-21449 ([also dubbed Psychic...

CVE-2024-29199

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration...

CVE-2023-34262 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

Exploit for Command Injection in Ivanti Connect Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

CVE-2023-22655

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...

Exploit for Deserialization of Untrusted Data in Apache Log4J

POC for CVE-2021-44228 This python script was created while...

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and...

CVE-2023-38417

Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

CVE-2023-47855

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2018-16153

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some...

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework

Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases (DB) from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of...

CVE-2023-44378

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for...

CVE-2023-37304

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment...

CVE-2023-47210

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

PoC for the ThemeBleed CVE-2023-38146 exploit (Windows 11...

CVE-2023-34271 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

CVE-2023-34269 Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...