7.3 AI Score
Siemens SIMATIC TIA Portal Detection
The remote host is running Siemens SIMATIC TIA (Totally Integrated Automation) Portal. This software is commonly used for engineering SIMATIC S7 programmable logic...
3.2 AI Score
Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local...
2.3 CVSS
6.4 AI Score
0.0004 EPSS
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
6.5 CVSS
6.4 AI Score
0.001 EPSS
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of...
9.8 CVSS
7.1 AI Score
0.001 EPSS
StruxureWare SCADA Expert ClearSCADA Detection
StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA), a suite of tools targeting factory and process automation solutions, is installed on the remote Windows...
2.7 AI Score
7.4 AI Score
A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...
6.5 CVSS
6.6 AI Score
0.0004 EPSS
Loxone Smart Home Miniserver Web Server Version Detection
The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web server's...
2.5 AI Score
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control...
7.5 CVSS
7.6 AI Score
0.001 EPSS
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local...
5.5 CVSS
6.6 AI Score
0.0004 EPSS
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local...
5.5 CVSS
6.4 AI Score
0.0004 EPSS
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control...
6.9 AI Score
0.001 EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provide....
5.3 CVSS
7.2 AI Score
0.001 EPSS
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self...
9.8 CVSS
8.1 AI Score
0.012 EPSS
Siemens SIMATIC WinCC (TIA Portal) Detection
Siemens SIMATIC WinCC Totally Integrated Automation Portal (TIA Portal) is installed on the remote Windows host. This software is commonly used for engineering SIMATIC S7 programmable logic...
3.9 AI Score
Microsoft SQL Server Configuration Enumerator
This module will perform a series of configuration audits and security checks against a Microsoft SQL Server database. For this module to work, valid administrative user credentials must be...
7.9 AI Score
XWiki < 4.10.15 - Email Disclosure
The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search...
5.3 CVSS
6.8 AI Score
0.007 EPSS
Exploit for Injection in Atlassian Confluence Data Center
Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...
9.8 CVSS
9.2 AI Score
0.973 EPSS
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at...
6.1 CVSS
6.1 AI Score
0.001 EPSS
Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8 CVSS
7.7 AI Score
0.0004 EPSS
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
7.4 AI Score
0.0004 EPSS
Siemens SIMATIC STEP 7 (TIA Portal) Detection
Siemens SIMATIC STEP 7 Totally Integrated Automation Portal (TIA Portal) is installed on the remote Windows host. This software is commonly used for engineering SIMATIC S7 programmable logic...
3.6 AI Score
Exploit for Deserialization of Untrusted Data in Salesagility Suitecrm
CVE-2022-23940 PoC for...
8.8 CVSS
0.9 AI Score
0.003 EPSS
Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8 CVSS
7.1 AI Score
0.0004 EPSS
An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required....
7.5 CVSS
6.6 AI Score
0.0004 EPSS
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
6.5 CVSS
6.2 AI Score
0.001 EPSS
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to...
7.5 CVSS
7.7 AI Score
0.0005 EPSS
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control...
7.6 AI Score
0.001 EPSS
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled...
7.5 CVSS
7.1 AI Score
0.003 EPSS
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local...
5.5 CVSS
6.3 AI Score
0.0004 EPSS
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5 CVSS
8.3 AI Score
0.0004 EPSS
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local...
6.7 CVSS
7.6 AI Score
0.0004 EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4 CVSS
6.3 AI Score
0.0004 EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4 CVSS
6.1 AI Score
0.0004 EPSS
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local...
5.5 CVSS
6.8 AI Score
0.0004 EPSS
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...
6.5 CVSS
6.4 AI Score
0.0005 EPSS
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8 CVSS
7.3 AI Score
0.0004 EPSS
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to...
2.7 CVSS
0.0004 EPSS
Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...
6.1 CVSS
6.6 AI Score
0.001 EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8 CVSS
8 AI Score
0.001 EPSS
Exploit for Command Injection in Tp-Link Tapo C200 Firmware
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)...
9.8 CVSS
9.9 AI Score
0.251 EPSS
Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...
7.3 CVSS
7.1 AI Score
0.0004 EPSS
Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network...
9.8 CVSS
7.4 AI Score
0.002 EPSS
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X (SMAX) versions 2020.05,...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
Exploit for Code Injection in Apache Commons Text
CVE-2022-42889-POC A simple demo application that shows how...
9.8 CVSS
0.3 AI Score
0.972 EPSS
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-info CVE-2024-3094 PoC Exploration...
10 CVSS
9.9 AI Score
0.133 EPSS
Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local...
7.9 CVSS
7.4 AI Score
0.0004 EPSS
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to...
2.7 CVSS
3.8 AI Score
0.0004 EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL.....
7.5 CVSS
6.5 AI Score
0.0004 EPSS