B&R Industrial Automation Security Vulnerabilities

[ibm] Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for March 2023.
Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details: CVEID: CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...
CVSS 8.1 · AI Score 7.1 · EPSS 0.001 · 2024-04-24 11:55 AM
10

[cve] CVE-2023-46285
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
CVSS 7.5 · AI Score 7.2 · EPSS 0.0005 · 2023-12-12 12:15 PM
46

[cve] CVE-2023-46282
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
CVSS 7.1 · AI Score 5.8 · EPSS 0.0005 · 2023-12-12 12:15 PM
41

[cgr] GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: tkn, zarf, flux-notification-controller, kubescape, boring-registry, apko, pulumi-language-yaml, scorecard, slsa-verifier, sops, flux-notification-controller-2.0, flux-source-controller-0.37, aactl, pulumi-language-dotnet, wolfictl, skaffold, cosign, pulumi, keda,...
AI Score 7.3 · 2024-05-19 03:07 AM
70

[cve] CVE-2023-46283
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
CVSS 7.5 · AI Score 7.5 · EPSS 0.0005 · 2023-12-12 12:15 PM
38

[openbugbounty] r-nagata.co.jp Cross Site Scripting vulnerability OBB-3877772
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2 · 2024-03-18 11:30 PM
4

[ibm] Security Bulletin: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities
Summary: IBM Cloud Pak for Network Automation 2.7.2 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when the application uses Spring MVC...
CVSS 9.8 · AI Score 10 · EPSS 0.012 · 2024-04-24 03:52 PM
13

[cvelist] CVE-2023-3242
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...
CVSS 8.6 · AI Score 8.7 · EPSS 0.0005 · 2023-07-26 05:36 PM

[ibm] Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service
Summary: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-51775). Vulnerability Details: Refer to the security bulletin(s) listed in the Remediation/Fixes section. Affected Products and Versions...
AI Score 9.1 · EPSS 0.0004 · 2024-04-23 06:47 AM
5

[nvd] CVE-2023-3242
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...
CVSS 5.9 · AI Score 8.6 · EPSS 0.0005 · 2023-07-26 06:15 PM
1

[cve] CVE-2023-46284
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
CVSS 7.5 · AI Score 7.5 · EPSS 0.0005 · 2023-12-12 12:15 PM
44

[osv] CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET...
CVSS 6.5 · AI Score 7.1 · EPSS 0.0005 · 2023-08-09 07:15 PM
1

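The entry above describes the classic shape of a CSRF bug: a state-changing action reachable by GET, so a page the victim merely visits can trigger it. The block below is an added example, not OPNsense's code and not taken from the advisory; the handler name, the session id, the secret and the status codes are all assumptions. It shows the two checks that close the hole: refusing anything but POST, and requiring a token that is bound to the caller's own session, so a token minted for another session (or by an attacker's page) does not validate.

```python
import hashlib
import hmac
import secrets


def issue_csrf_token(session_secret: bytes, session_id: str) -> str:
    """Derive a token bound to one session; a token captured from another
    session (or minted by an attacker's page) will not validate here."""
    return hmac.new(session_secret, session_id.encode(), hashlib.sha256).hexdigest()


def handle_system_halt(method: str, form: dict, session_id: str,
                       session_secret: bytes, halt=lambda: "halting") -> tuple:
    """Hypothetical handler for a state-changing endpoint such as /system/halt.

    Returns (http_status, body). Only a POST carrying the session's own CSRF
    token reaches halt(); a cross-site GET (what an attacker page can trigger
    with an <img> or a redirect) is refused before any side effect happens."""
    if method.upper() != "POST":
        return 405, "state-changing action requires POST"
    expected = issue_csrf_token(session_secret, session_id).encode()
    presented = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, presented):   # constant-time compare
        return 403, "csrf token missing or invalid"
    return 200, halt()


def demo() -> dict:
    """Exercise the four cases a reviewer would check; returns status codes."""
    secret = secrets.token_bytes(32)          # per-deployment secret (constructed)
    sid = "session-of-logged-in-admin"        # constructed session id
    own_token = issue_csrf_token(secret, sid)
    foreign_token = issue_csrf_token(secret, "attacker-session")
    return {
        "crafted_get": handle_system_halt("GET", {}, sid, secret)[0],
        "post_without_token": handle_system_halt("POST", {}, sid, secret)[0],
        "post_foreign_token": handle_system_halt("POST", {"csrf_token": foreign_token}, sid, secret)[0],
        "legit_post": handle_system_halt("POST", {"csrf_token": own_token}, sid, secret)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The method check alone is not enough (a cross-site POST from an HTML form is just as easy to forge), and the token alone is not enough if it is the same value for every session; the two together, plus a SameSite cookie attribute as defence in depth, are what a practitioner should verify on every endpoint that changes state.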
[osv] CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before...
CVSS 7.5 · AI Score 7.2 · EPSS 0.001 · 2023-08-09 07:15 PM
7

[osv] CVE-2023-27772
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at...
CVSS 7.5 · AI Score 7.5 · EPSS 0.001 · 2023-04-13 06:15 PM
4

[cve] CVE-2023-46281
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All ver...
CVSS 8.8 · AI Score 7 · EPSS 0.001 · 2023-12-12 12:15 PM
42

[osv] CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP...
CVSS 7.2 · AI Score 7.9 · EPSS 0.001 · 2023-08-09 07:15 PM
4

[osv] CVE-2023-27152
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass...
CVSS 9.8 · AI Score 7.1 · EPSS 0.001 · 2023-10-23 09:15 PM
4

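The entry above is about a missing control rather than a coding bug: with no throttle, an attacker's only cost per guess is one HTTP round trip. The block below is an added example of the control, not OPNsense's code and not taken from the advisory; the account name, the source address, the lockout intervals and the PBKDF2 round count are assumptions. It keys failures on (account, source address), locks the pair out for an interval that doubles with every further failure, refuses even the correct password while the lock is in force, and hashes for unknown users too so that response time does not reveal which accounts exist.

```python
import hashlib
import hmac
from collections import defaultdict

PBKDF2_ROUNDS = 20_000   # kept low for the demo; production uses far more, or argon2/bcrypt


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginThrottle:
    """Count consecutive failures per (account, source address) and lock the
    pair out for an escalating interval once max_failures is reached."""

    def __init__(self, users: dict, clock, max_failures: int = 5,
                 base_lockout: float = 30.0, max_lockout: float = 3600.0):
        self.users = users              # username -> (salt, pbkdf2 hash)
        self.clock = clock              # injected so the demo is deterministic
        self.max_failures = max_failures
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self.failures = defaultdict(int)
        self.locked_until = defaultdict(float)

    def attempt(self, user: str, password: str, src: str) -> str:
        key = (user, src)
        now = self.clock()
        if now < self.locked_until[key]:
            return "locked"             # refused before the password is even checked
        record = self.users.get(user)
        # Hash even for unknown users so timing does not leak which accounts exist.
        salt, stored = record if record else (b"\x00" * 16, b"\x00" * 32)
        ok = record is not None and hmac.compare_digest(hash_password(password, salt), stored)
        if ok:
            self.failures[key] = 0
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= self.max_failures:
            # 30s, 60s, 120s, ... capped at max_lockout: each extra failure doubles the wait.
            over = self.failures[key] - self.max_failures
            delay = min(self.base_lockout * (2 ** over), self.max_lockout)
            self.locked_until[key] = now + delay
        return "denied"


def demo() -> list:
    """Brute-force 'root' from one address (constructed data): five wrong
    guesses, then lockout, then even the right password waits it out."""
    t = [0.0]
    clock = lambda: t[0]
    salt = b"constructed-salt"
    users = {"root": (salt, hash_password("correct horse battery", salt))}
    throttle = LoginThrottle(users, clock)
    outcomes = []
    for i in range(7):
        outcomes.append(throttle.attempt("root", f"guess{i}", "203.0.113.9"))
        t[0] += 1.0
    outcomes.append(throttle.attempt("root", "correct horse battery", "203.0.113.9"))
    t[0] += 60.0
    outcomes.append(throttle.attempt("root", "correct horse battery", "203.0.113.9"))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Keying on the source address alone is defeated by an attacker who rotates addresses, so a deployment also wants a per-account counter (a slower one, to limit the denial-of-service an attacker can inflict by locking a victim out) and an alert when either counter trips; the slow password hash is what makes offline cracking of a leaked hash expensive and is a separate control from the throttle.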
[osv] CVE-2023-39000
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL...
CVSS 6.1 · AI Score 5.8 · EPSS 0.0005 · 2023-08-09 07:15 PM
6

[osv] CVE-2023-44276
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby...
CVSS 5.4 · AI Score 5.9 · EPSS 0.001 · 2023-09-28 05:15 AM
6

[osv] CVE-2023-39003
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory...
CVSS 7.5 · AI Score 7.5 · EPSS 0.001 · 2023-08-09 07:15 PM
3

[osv] CVE-2023-39001
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration...
CVSS 9.8 · AI Score 8.3 · EPSS 0.001 · 2023-08-09 07:15 PM
3

[osv] CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted...
CVSS 6.1 · AI Score 6.8 · EPSS 0.0005 · 2023-08-09 07:15 PM
2

[openvas] Fedora: Security Advisory for R (FEDORA-2024-07b7b83a4f)
The remote host is missing an update for...
CVSS 8.8 · AI Score 8.8 · EPSS 0.0004 · 2024-05-27 12:00 AM

[openvas] Fedora: Security Advisory for R (FEDORA-2024-bc590cb3f1)
The remote host is missing an update for...
CVSS 8.8 · AI Score 8.8 · EPSS 0.0004 · 2024-05-27 12:00 AM

[osv] [ADT-3 R] RVC - CTS: StagefrightTest#testStagefright_bug_65483665 failure
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for...
CVSS 6.5 · AI Score 6.3 · EPSS 0.001 · 2021-02-01 12:00 AM
4

[osv] CVE-2023-44275
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby...
CVSS 5.4 · AI Score 5.9 · EPSS 0.001 · 2023-09-28 05:15 AM
1

[osv] CVE-2023-39004
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege...
CVSS 9.8 · AI Score 6.8 · EPSS 0.001 · 2023-08-09 07:15 PM
4

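Three entries on this page (CVE-2023-39003, CVE-2023-39005 and the one above, CVE-2023-39004) are the same class of defect: a file or directory that is readable or writable by more accounts than it needs to be, and in the /conf/ case one that holds a password hash. The block below is an added audit check, not OPNsense's code and not taken from the advisories; the directory layout, the file names, the sensitive-suffix list and the 0644 mode it plants are assumptions. It walks a tree with lstat, reports anything other-readable, other-writable, or group-readable on a file whose suffix marks it as configuration material, and flags world-writable directories; the demo builds a throwaway tree with one properly locked file and one left loose.

```python
import os
import stat
import tempfile

SENSITIVE_SUFFIXES = (".xml", ".conf", ".ini", ".key", ".pem")   # assumed set


def audit_permissions(root: str) -> list:
    """Walk root and report files that users other than the owner can read or
    write, plus world-writable directories. Returns sorted (path, reason)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            findings.append((dirpath, "world-writable directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode      # lstat: do not follow symlinks
            if stat.S_ISLNK(mode):
                continue                       # judge the target where it lives
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if mode & stat.S_IROTH:
                findings.append((path, "world-readable"))
            if name.endswith(SENSITIVE_SUFFIXES) and mode & stat.S_IRGRP:
                findings.append((path, "group-readable sensitive file"))
    return sorted(findings)


def demo() -> list:
    """Build a throwaway tree (constructed): one config file locked to the
    owner, one left at 0644 the way a careless backup step might leave it."""
    base = tempfile.mkdtemp(prefix="conf-audit-")
    conf = os.path.join(base, "conf")
    os.mkdir(conf, 0o755)
    locked = os.path.join(conf, "config.xml")
    loose = os.path.join(conf, "backup.xml")
    for p in (locked, loose):
        with open(p, "w") as f:
            f.write("<opnsense/>")           # placeholder content, not a real config
    os.chmod(locked, 0o600)
    os.chmod(loose, 0o644)
    return [(os.path.relpath(p, base), why) for p, why in audit_permissions(conf)]


if __name__ == "__main__":
    for path, why in demo():
        print(f"{why}: {path}")
```

Run it against the real directory from a post-upgrade hook or a periodic job and treat any finding as a regression: the fix for a world-readable config is chmod, but the follow-up is rotating whatever secret the file held while it was exposed, because the mode change does not undo a read that already happened.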
[osv] CVE-2023-39006
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input...
CVSS 5.4 · AI Score 7.2 · EPSS 0.0004 · 2023-08-09 07:15 PM
4

[osv] CVE-2023-39008
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system...
CVSS 9.8 · AI Score 8.2 · EPSS 0.001 · 2023-08-09 07:15 PM
1

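CVE-2023-39001 (diag_backup.php) and the entry above, CVE-2023-39008 (the cron setJob API), are both command injection: text a client controls ends up inside a command line that a shell parses. The block below is an added example of the pattern and its fix, not OPNsense's code and not taken from the advisories; the allowlisted commands, their paths and the parameter alphabet are assumptions. The vulnerable builder concatenates; the safe builder maps the client's choice onto a server-side argv, validates every parameter token against a narrow alphabet that also rejects a leading hyphen (so a token cannot turn into an option), and runs with shell=False so no shell ever sees the bytes.

```python
import re
import subprocess
import sys

# Hypothetical allowlist: the client picks a name, the server supplies argv.
ALLOWED_COMMANDS = {
    "backup": ["/usr/local/sbin/backup.sh"],
    "filter-reload": ["/usr/local/sbin/configctl", "filter", "reload"],
}
# No shell metacharacters, no whitespace, no leading hyphen, bounded length.
PARAM_TOKEN = re.compile(r"[A-Za-z0-9._/][A-Za-z0-9._/-]{0,63}")


def build_job_vulnerable(command: str, parameters: str) -> str:
    """The anti-pattern behind both CVEs: client text becomes part of a shell line."""
    return f"{command} {parameters}"


def build_job(command: str, parameters: str) -> list:
    """Map the client's choice to an allowlisted argv and validate each
    parameter token; anything outside the token alphabet is rejected."""
    if command not in ALLOWED_COMMANDS:
        raise ValueError(f"unknown command {command!r}")
    argv = list(ALLOWED_COMMANDS[command])
    for tok in parameters.split():
        if not PARAM_TOKEN.fullmatch(tok):
            raise ValueError(f"rejected parameter {tok!r}")
        argv.append(tok)
    return argv


def job_allowed(command: str, parameters: str) -> bool:
    try:
        build_job(command, parameters)
        return True
    except ValueError:
        return False


def argv_roundtrip(arg: str) -> str:
    """Pass a hostile string as its own argv element with shell=False and show
    it arrives at the child as plain text: no shell ever parses it."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", arg],
        capture_output=True, text=True, timeout=30, check=True)
    return proc.stdout


if __name__ == "__main__":
    hostile = "; id > /tmp/pwned"
    print("shell line an injectable build would run:", build_job_vulnerable("backup", hostile))
    print("allowlisted build accepts it?", job_allowed("backup", hostile))
    print("same bytes as an argv element:", repr(argv_roundtrip(hostile)))
```

Escaping (shlex.quote and its equivalents) is the fallback when a shell is unavoidable; the allowlist plus argv list is preferable because it removes the shell from the path entirely, and the narrow token alphabet is what stops the remaining vector, a legitimate program being handed an argument it interprets as an option or a path outside its intended scope.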
[osv] CVE-2023-39007
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in...
CVSS 9.6 · AI Score 5.9 · EPSS 0.001 · 2023-08-09 07:15 PM
3

[osv] CVE-2023-39002
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted...
CVSS 6.1 · AI Score 5.9 · EPSS 0.001 · 2023-08-09 07:15 PM
2

[cisco] Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a...
AI Score 7.3 · EPSS 0.0004 · 2024-05-22 04:00 PM
5

[openbugbounty] r-fujita.jcp-ota.jp Cross Site Scripting vulnerability OBB-3869760
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2 · 2024-03-12 08:42 AM
5

[openvas] Siemens SIMATIC S7 Device Detection Consolidation
Consolidation of Siemens SIMATIC S7 device...
AI Score 7.3 · 2016-06-15 12:00 AM
21

[cve] CVE-2023-2765
A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit...
CVSS 7.5 · AI Score 7.6 · EPSS 0.006 · 2023-05-17 05:15 PM
15

[cve] CVE-2021-42306
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in...
CVSS 8.1 · AI Score 6.3 · EPSS 0.003 · 2021-11-24 01:15 AM
37

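The entry above describes a mistake on the uploader's side: a keyCredential is meant to carry a certificate, which is public, but a PEM bundle exported from a key store often carries the private key next to it. The block below is an added pre-upload check, not Microsoft's code and not taken from the advisory; the PEM bodies are constructed base64 placeholders, not real certificates or keys. It parses PEM blocks by label, counts CERTIFICATE blocks against any block whose label contains PRIVATE KEY (RSA, EC, PKCS#8 and ENCRYPTED variants all match), and refuses the upload when a key is present rather than silently stripping it, since a key that reached this code path has already been handled as public data and should be rotated.

```python
import base64
import re

# Label and body of one PEM block; the backreference ties END to the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def classify_pem(data: str) -> dict:
    """Count CERTIFICATE blocks and any *PRIVATE KEY* blocks (RSA, EC, PKCS#8,
    ENCRYPTED ...); other labels are returned so a reviewer can look at them."""
    certs, keys, other = 0, 0, []
    for label, _body in PEM_BLOCK.findall(data):
        if "PRIVATE KEY" in label:
            keys += 1
        elif label == "CERTIFICATE":
            certs += 1
        else:
            other.append(label)
    return {"certificates": certs, "private_keys": keys, "other": other}


def upload_allowed(data: str) -> bool:
    """Gate for a keyCredential upload: at least one certificate, no private key."""
    info = classify_pem(data)
    return info["private_keys"] == 0 and info["certificates"] > 0


def public_part_only(data: str) -> str:
    """Return just the CERTIFICATE blocks. Raises if a key is present instead of
    stripping it, so the caller is forced to notice and rotate the key."""
    if classify_pem(data)["private_keys"]:
        raise ValueError("private key material present; rotate it and upload the certificate only")
    return "\n".join(m.group(0) for m in PEM_BLOCK.finditer(data) if m.group(1) == "CERTIFICATE")


# Constructed placeholder bodies: base64 text, not real certificates or keys.
FAKE_B64 = base64.b64encode(b"placeholder bytes, not a real certificate or key").decode()
CERT_ONLY = f"-----BEGIN CERTIFICATE-----\n{FAKE_B64}\n-----END CERTIFICATE-----\n"
CERT_AND_KEY = CERT_ONLY + f"-----BEGIN RSA PRIVATE KEY-----\n{FAKE_B64}\n-----END RSA PRIVATE KEY-----\n"
PKCS8_ONLY = f"-----BEGIN PRIVATE KEY-----\n{FAKE_B64}\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, blob in (("cert only", CERT_ONLY), ("cert+key", CERT_AND_KEY), ("pkcs8", PKCS8_ONLY)):
        print(name, classify_pem(blob), "allowed" if upload_allowed(blob) else "REFUSED")
```

This handles PEM only; a PKCS#12 (.pfx/.p12) container always holds the private key with the certificate and should be refused by type before any parsing. Wire the check into whatever automation pushes credentials (a pipeline step, a pre-commit hook on infrastructure repositories) rather than relying on the person exporting the certificate to pick the right file.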
[redhat] (RHSA-2024:3483) Moderate: Red Hat Ansible Automation Platform 2.4 Container Security and Bug Fix Update
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
AI Score 7.6 · EPSS 0.05 · 2024-05-30 01:12 AM
4

[cve] CVE-2023-2766
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The...
CVSS 7.5 · AI Score 7.6 · EPSS 0.079 · 2023-05-17 05:15 PM
15

[githubexploit] Exploit for OS Command Injection in Proscend M330-W Firmware
CVE-2022-36779 exploit code for Unauthenticated OS...
CVSS 9.8 · AI Score 7.3 · EPSS 0.002 · 2024-06-03 10:25 PM
64

[nuclei] Honeywell PM43 Printers - Command Injection
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g....
CVSS 9.9 · AI Score 9.8 · EPSS 0.71 · 2023-10-15 01:57 PM
4

[cisco] Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability
A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of...
AI Score 1.5 · EPSS 0.001 · 2022-04-27 04:00 PM
70

[nessus] HP Client Automation Default Credentials
The remote install of HP Client Automation has a default password ('secret') set. An attacker may connect to it to reconfigure the application and control remote...
AI Score 7.5 · 2011-03-25 12:00 AM
22

[nuclei] Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
CVSS 7.5 · AI Score 7.8 · EPSS 0.006 · 2023-10-02 08:21 AM
10

[wpvulndb] Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.18 - Missing Authorization
Description: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, ...
CVSS 4.3 · AI Score 9 · EPSS 0.001 · 2024-05-22 12:00 AM

[openbugbounty] r-b-a.ru Cross Site Scripting vulnerability OBB-3906108
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2 · 2024-04-05 02:49 PM
7

[ibm] Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service
Summary: IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817). Vulnerability Details: CVEID: CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption...
CVSS 7.8 · AI Score 9.5 · EPSS 0.001 · 2024-06-07 11:06 AM
8

[openbugbounty] r-toyota.co.jp Cross Site Scripting vulnerability OBB-3916414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.2 · 2024-04-11 01:57 PM
2

[cisco] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability
A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an...
AI Score 7.2 · EPSS 0.0004 · 2024-05-22 04:00 PM
5

[cisco] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected...
AI Score 7.2 · EPSS 0.0004 · 2024-05-22 04:00 PM
6

[githubexploit] Exploit for Incorrect Authorization in Atlassian Confluence Data Center
CVE-2023-22518 Improper Authorization Vulnerability in...
CVSS 9.8 · AI Score 7.2 · EPSS 0.962 · 2023-10-31 05:35 AM
24

Total number of security vulnerabilities: 126572