A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal....
8.8CVSS
7.2AI Score
0.001EPSS
Exploit for Incorrect Authorization in Atlassian Confluence Data Center
CVE-2023-22518 Improper Authorization Vulnerability in...
9.8CVSS
7.2AI Score
0.962EPSS
Exploit for PHP External Variable Modification in Juniper Junos
Automation for Juniper CVE:2023-36845 by Asbawy -> Modified...
9.8CVSS
7.2AI Score
0.967EPSS
Advantech WebAccess Web Administration Interface Detection
The remote host is running a web interface for Advantech WebAccess, a web-based SCADA HMI...
2AI Score
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
6.9AI Score
0.0004EPSS
CVE-2024-30078 Detection and Command Execution Script This...
8.8CVSS
8.2AI Score
0.001EPSS
Fedora 39 : R (2024-07b7b83a4f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...
8.8CVSS
8AI Score
0.0004EPSS
r-broker.ru Cross Site Scripting vulnerability OBB-3918433
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction...
6.3CVSS
6.2AI Score
0.001EPSS
Inductive Automation Ignition Detection
Inductive Automation Ignition, a web based SCADA HMI solution, was detected on the remote...
1.1AI Score
Fedora 38 : R (2024-bc590cb3f1)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc590cb3f1 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...
8.8CVSS
7.4AI Score
0.0004EPSS
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...
7AI Score
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Summary When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC Install Tornado. Start a simple Tornado server that echoes each...
7AI Score
CVE-2024-30078 Detection and Command Execution Script This...
8.8CVSS
10AI Score
0.001EPSS
Rockwell Automation ControlLogix Communications Modules Multiple Vulnerabilities
Rockwell Automation ControlLogix Communications Modules are affected by multiple vulnerabilities, as follows: A remote code execution vulnerability via crafted CIP messages. (CVE-2023-3595) A denial of service vulnerability via crafted CIP messages. (CVE-2023-3596) Note that Nessus has not...
9.8CVSS
7.7AI Score
0.001EPSS
Rockwell Automation RSLinx Classic <= 4.00.01 Multiple Vulnerabilities
The remote host has a version of RSLinx Classic installed that is v4.00.01 or prior. It is, therefore, affected by multiple...
2.5AI Score
8.8CVSS
7.3AI Score
0.008EPSS
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...
8.3CVSS
8.7AI Score
0.0004EPSS
5.5CVSS
6.8AI Score
0.0004EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: consul, frp, flux-image-reflector-controller, external-secrets-operator, kube-state-metrics, gomplate, aws-load-balancer-controller, newrelic-infrastructure-agent, influxd, thanos-operator, nfs-subdir-external-provisioner, opentofu, gatekeeper, nri-prometheus,...
7.5AI Score
HP Client Automation radexecd.exe Remote Command Execution
The HP Client Automation service on the remote port is affected by a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit the vulnerability. The flaw...
7.2AI Score
0.813EPSS
Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm
CVE-2023-30253 Exploit Dolibarr...
8.8CVSS
7.4AI Score
0.008EPSS
Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm
CVE-2023-30253 Exploit Dolibarr...
8.8CVSS
7.4AI Score
0.008EPSS
Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control...
7.8CVSS
7.6AI Score
0.009EPSS
Vulnerabilities for packages: consul, frp, flux-image-reflector-controller, external-secrets-operator, kube-state-metrics, gomplate, aws-load-balancer-controller, newrelic-infrastructure-agent, influxd, thanos-operator, nfs-subdir-external-provisioner, opentofu, gatekeeper, nri-prometheus,...
6.1CVSS
7.3AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...
6.8AI Score
0.0004EPSS
Inductive Automation Ignition 8.x < 8.0.10 Multiple Vulnerabilities
The version of Inductive Automation Ignition running on the remote host is affected by multiple vulnerabilities : A denial of service (DoS) vulnerability exists due to an unprotected logging route when the Perspective Module is running. An unauthenticated, remote attacker can exploit...
7.5CVSS
2.3AI Score
0.845EPSS
Rockwell Automation RSLinx Classic < 4.11.00 Local Privilege Escalation
The remote host has a version of RSLinx Classic installed that is prior to 4.11.00. It is, therefore, affected by a local privilege escalation vulnerability where an authenticated attacker could modify a registry key, thiw could lead to the execution of malicious code usying system privileges when....
3.8AI Score
Rockwell Automation RSLinx Classic < 4.00.01 Local Privilege Escalation
The remote host has a version of RSLinx Classic installed that is prior to 4.00.01. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted path for a Windows service. A local attacker can gain elevated privileges by inserting an executable file in the path of...
4.4AI Score
Exploit for Injection in Gitlab
CVE-2022-2992 Authenticated Remote Command Execution in...
9.9CVSS
9.8AI Score
0.028EPSS
[SECURITY] Fedora 40 Update: qt5-qtserialbus-5.15.14-1.fc40
Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...
6.5AI Score
0.0004EPSS
Rockwell Automation RSLinx Classic Detection
The remote host has a version of Rockwell Automation RSLinx Classic installed, software commonly used for managing industrial automation control...
3.4AI Score
Micro Focus Network Automation Detection
Micro Focus Network Automation (formerly HP Network Automation), a web-based application for automating IT processes, is running on the remote...
1.2AI Score
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...
5.3CVSS
5.5AI Score
0.0004EPSS
Siemens Automation License Manager Detection
The remote host has Siemens Automation License Manager installed. Siemens Automation License Manager is used for authorizing and licensing Siemens SIMATIC Industry...
2.2AI Score
Rockwell Automation ControlLogix Service Detection
The remote host is a Rockwell Automation 1756 ControlLogix...
7AI Score
Inductive Automation Ignition Multiple Vulnerabilities
The version of Inductive Automation Ignition listening on the remote host is affected by multiple vulnerabilities : A cross-site scripting vulnerability exists in Java Web Start when adding any symbols to web requests for starting Java applets. A remote attacker can exploit this to...
0.5AI Score
0.006EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
8.4AI Score
0.052EPSS
9.8CVSS
7AI Score
0.001EPSS
Exploit for Code Injection in Openplcproject Openplc V3 Firmware
CVE-2021-31630 Modified the PoC...
8.8CVSS
6.6AI Score
0.006EPSS
R Programming Language 1.4.0 < 4.4.0 Insecure Deserialization
The version of the R Programming Language running on the remote host is 1.4.0 or later, before 4.4.0. It is, therefore, affected by an insecure deserialization vulnerability. Deserialization of untrusted data can occur, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R.....
8.8CVSS
7.9AI Score
0.0004EPSS
CVE-2024-28764 IBM WebSphere Automation CSV injection
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: ...
6.5CVSS
6.9AI Score
0.0004EPSS
Siemens Automation License Manager 5.x < 5.3.4.4 Multiple Vulnerabilities
The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities : A user-input validation error exists that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is ...
8.8CVSS
4.2AI Score
0.01EPSS
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: consul, frp, flux-image-reflector-controller, external-secrets-operator, kube-state-metrics, gomplate, aws-load-balancer-controller, newrelic-infrastructure-agent, influxd, thanos-operator, nfs-subdir-external-provisioner, opentofu, gatekeeper, nri-prometheus,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, crossplane, frp, cert-manager, flux-image-reflector-controller, external-secrets-operator, kube-state-metrics, step, gomplate, kubernetes-event-exporter, trivy, influxd, nfs-subdir-external-provisioner, opentofu, prometheus-nats-exporter,...
7.5AI Score
Siemens Automation License Manager 6.x < 6.0.1 Directory Traversal
The version of Siemens Automation License Manager installed on the remote host is version 6.x prior to 6.0.1 and thus, is affected by a user-input validation error that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is required for this....
4.9AI Score
WebCTRL OEM <= 6.5 - Cross-Site Scripting
WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET...
6.1CVSS
6AI Score
0.014EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577 Argument injection vulnerability in PHP...
9.8CVSS
7.2AI Score
0.932EPSS
Rockwell Automation RSLinx Classic <= 2.57.00.14 DoS (CVE-2020-13573)
The remote host has a version of RSLinx Classic installed that is prior or equal to 2.57.00.14. It is, therefore, potentially affected by a denial of service vulnerability in the Ethernet/IP server implementation. A remote, unauthenticated attacker could cause the device to crash by sending a...
7.5CVSS
3.6AI Score
0.019EPSS