Lucene search

K

B&R Industrial Automation Security Vulnerabilities

nessus
nessus

Rockwell Automation RSLinx Classic <= 2.57.00.14 DoS (CVE-2020-13573)

The remote host has a version of RSLinx Classic installed that is prior or equal to 2.57.00.14. It is, therefore, potentially affected by a denial of service vulnerability in the Ethernet/IP server implementation. A remote, unauthenticated attacker could cause the device to crash by sending a...

7.5CVSS

3.6AI Score

0.019EPSS

2021-01-22 12:00 AM
23
nuclei
nuclei

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without....

9.8CVSS

9.3AI Score

0.641EPSS

2022-08-10 12:24 PM
9
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtserialbus-6.7.1-1.fc40

Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
4
osv
osv

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-03-14 05:15 PM
24
nuclei
nuclei

Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution

Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...

8.8CVSS

9AI Score

0.837EPSS

2021-02-26 12:19 PM
4
alpinelinux
alpinelinux

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-03-14 05:15 PM
6
wolfi
wolfi

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: consul, nri-mssql, crossplane, frp, cert-manager, flux-image-reflector-controller, external-secrets-operator, kube-state-metrics, step, gomplate, kubernetes-event-exporter, trivy, influxd, nfs-subdir-external-provisioner, opentofu, prometheus-nats-exporter,...

5.9CVSS

7.1AI Score

0.962EPSS

2024-06-17 09:08 AM
131
nessus
nessus

VMware vRealize Automation Web UI Detection

The remote web server is running the web UI for VMware vRealize Automation, a cloud automation virtual appliance. Note: To obtain accurate version and build information provide HTTP basic authentication...

2.5AI Score

2016-04-27 12:00 AM
10
ibm
ibm

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** IBM X-Force ID: 294242 DESCRIPTION: **Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....

8.1AI Score

2024-06-11 08:00 PM
1
ibm
ibm

Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008

Summary IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details ** CVEID: CVE-2023-33008 DESCRIPTION: **Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON...

5.3CVSS

6.7AI Score

0.002EPSS

2024-04-04 01:25 PM
10
nessus
nessus

Siemens Automation License Manager Multiple Vulnerabilities

The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities : There are multiple buffer overflows that can be exploited to execute arbitrary code by sending a message to the Automation License Manager TCP service...

2.2AI Score

0.02EPSS

2013-01-09 12:00 AM
16
ibm
ibm

Security Bulletin: Vulnerability in Java affects Tivoli System Automation for Multiplatforms shipped with IBM® Db2® LUW. (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions TSAMP...

7.5CVSS

6.8AI Score

0.001EPSS

2024-06-05 03:47 PM
2
cvelist
cvelist

CVE-2024-28775 IBM WebSphere Automation cross-site scripting

IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-01 12:55 PM
githubexploit

8.6CVSS

6.3AI Score

0.945EPSS

2024-05-30 04:23 PM
70
ibm
ibm

Security Bulletin: Insecure XML parsing vulnerability affect IBM Business Automation Workflow - CVE-2014-0107, CVE-2022-34169

Summary IBM Business Automation Workflow reintroduced an outdated version of the Xalan library. Vulnerability Details ** CVEID: CVE-2014-0107 DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...

7.5CVSS

10AI Score

0.005EPSS

2024-04-04 09:35 AM
16
vulnrichment
vulnrichment

CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio

Improper DLL loading algorithms in B&R Automation Studio versions &gt;=4.0 and &lt;4.12 may allow an authenticated local attacker to execute code in the context of the...

7.2CVSS

7AI Score

0.0004EPSS

2024-05-14 07:36 PM
mageia
mageia

Updated microcode packages fix security vulnerabilities

The updated package fixes security vulnerabilities: Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. (CVE-2023-45733) Sequence of processor instructions leads to unexpected...

7.9CVSS

6.3AI Score

0.0004EPSS

2024-06-03 09:30 PM
5
githubexploit
githubexploit

Exploit for Race Condition in Apple Ipados

desc_race "desc_race" (CVE-2021-30955) exploit for iOS 15.0 -...

7.3AI Score

2022-03-15 01:30 PM
249
githubexploit

8.6CVSS

6.3AI Score

0.945EPSS

2024-06-01 12:02 PM
118
nuclei
nuclei

Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...

7.5CVSS

7.9AI Score

0.974EPSS

2020-04-22 06:42 AM
30
githubexploit
githubexploit

Exploit for Off-by-one Error in F5 Nginx

CVE-2021-23017-PoC ``` pip install -r requirements.txt...

7.7CVSS

8.1AI Score

0.52EPSS

2022-06-30 04:39 AM
984
nessus
nessus

Siemens Automation License Manager 5.x < 6.0.9 DoS (SSA-158827)

The version of Siemens Automation License Manager installed on the remote host is version 5.x prior to 6.0.9. It is, therefore, affected by a denial of service vulnerability. An attacker could exploit this by sending specially crafted packets to port 4410/tcp of an affected system. Note that...

3.8AI Score

2021-08-12 12:00 AM
12
cvelist

6.5CVSS

8.8AI Score

0.002EPSS

2023-07-11 05:02 PM
githubexploit
githubexploit

Exploit for OS Command Injection in Cisco Ios Xe

CVE-2023-20273 CVE-2023-20273 Exploit PoC Usage ```...

7.2CVSS

6.9AI Score

0.026EPSS

2023-12-09 07:25 AM
20
vulnrichment
vulnrichment

CVE-2022-38710 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...

6AI Score

0.001EPSS

2022-11-03 12:00 AM
1
cvelist
cvelist

CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio

Improper DLL loading algorithms in B&R Automation Studio versions &gt;=4.0 and &lt;4.12 may allow an authenticated local attacker to execute code in the context of the...

7.2CVSS

7.2AI Score

0.0004EPSS

2024-05-14 07:36 PM
osv
osv

CVE-2022-41804

Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7.3AI Score

0.0004EPSS

2023-08-11 03:15 AM
22
cvelist
cvelist

CVE-2022-38710 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...

5.1AI Score

0.001EPSS

2022-11-03 12:00 AM
githubexploit
githubexploit

Exploit for CVE-2024-28890

Exploit Script This repository contains a Python script...

7.5AI Score

0.0004EPSS

2024-06-13 10:41 AM
49
githubexploit
githubexploit

Exploit for CVE-2024-31819

CVE-2024-31819 An issue in WWBN AVideo v.12.4 through v.14.2...

8AI Score

0.003EPSS

2024-06-09 08:48 AM
75
cve
cve

CVE-2023-5189

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being...

6.5CVSS

6.2AI Score

0.001EPSS

2023-11-14 11:15 PM
104
osv
osv

CVE-2023-22655

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local...

6.1CVSS

6.8AI Score

0.001EPSS

2024-03-14 05:15 PM
1
githubexploit
githubexploit

Exploit for CVE-2023-4596

Exploit Script This repository contains a Python script...

9.8CVSS

7.4AI Score

0.085EPSS

2024-06-13 10:41 AM
41
githubexploit
githubexploit

Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel

RNDIS-CO Summary The RNDIS USB Gadget may be exploited...

6.9AI Score

2022-02-17 02:02 PM
389
openbugbounty
openbugbounty

n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3857032

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-23 01:31 PM
2
nuclei
nuclei

Horde/Horde Groupware - Local File Inclusion

Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver...

6.7AI Score

0.04EPSS

2021-07-27 05:32 AM
4
cve
cve

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and...

7.8CVSS

7.2AI Score

0.0004EPSS

2023-10-04 03:15 PM
86
wpvulndb
wpvulndb

WP Fusion Lite – Marketing Automation and CRM Integration for WordPress < 3.43.0 - Information Exposure

Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.42.10 through publicly exposed log files. This makes it possible for unauthenticated attackers to...

6.5AI Score

0.0004EPSS

2024-05-03 12:00 AM
6
nuclei
nuclei

Home Assistant Supervisor - Authentication Bypass

Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older.....

10CVSS

9.6AI Score

0.034EPSS

2023-06-01 03:11 AM
6
osv
osv

[Android Auto] App permissions reset after upgrade on device from R build to S build

In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS

7.5AI Score

0.0004EPSS

2022-03-01 12:00 AM
7
f5
f5

K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383

Security Advisory Description CVE-2023-28402 Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504 Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...

7.2CVSS

6.5AI Score

0.0004EPSS

2024-06-03 12:00 AM
5
osv
osv

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-03-14 05:15 PM
3
nessus
nessus

Siemens SCALANCE S612 Firewall Detection

The remote device as a Siemens SCALANCE S612 Firewall, a security solution for industrial automation technology and industrial control system networks. The device can act as a bridge or a gateway depending on the...

2.4AI Score

2015-05-06 12:00 AM
15
nessus
nessus

Rockwell Automation MicroLogix 1400 PLC Default Credentials

The remote device appears to be a Rockwell Automation MicroLogix 1400 PLC that can be accessed using default HTTP credentials. An attacker can exploit this to gain administrative access to the affected...

3.9AI Score

2016-04-20 12:00 AM
13
osv
osv

CVE-2022-33196

Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7AI Score

0.0004EPSS

2023-02-16 09:15 PM
11
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...

9.8CVSS

8.7AI Score

0.018EPSS

2024-03-13 09:17 AM
65
githubexploit
githubexploit

Exploit for HTTP Request Smuggling in Apache Http Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...

9.8CVSS

8.1AI Score

0.007EPSS

2023-05-22 03:06 AM
7588
githubexploit

8.6CVSS

8.6AI Score

0.945EPSS

2024-06-10 01:29 AM
92
nessus
nessus

Rockwell Automation MicroLogix 1100 PLC Default Credentials

The remote device appears to be a Rockwell Automation MicroLogix 1100 PLC that can be accessed using default HTTP credentials. An attacker can utilize this to gain administrative access to the affected...

3.8AI Score

2015-07-07 12:00 AM
13
githubexploit
githubexploit

Exploit for PHP External Variable Modification in Juniper Junos

Automation for Juniper CVE:2023-36845 Overview is a bash...

9.8CVSS

7.3AI Score

0.967EPSS

2024-05-04 02:57 PM
148
Total number of security vulnerabilities126573