Lucene search

K

B&R Industrial Automation Security Vulnerabilities

veracode
veracode

Information Exposure

Intel(R) Atom(R) Processors are vulnerable to information exposure through microarchitectural state after transient execution. The vulnerability is due to certain register files, which, when accessed by an authenticated user, may potentially enable information disclosure via local...

6.5CVSS

6AI Score

0.0004EPSS

2024-03-16 08:18 AM
10
nessus
nessus

HP Client Automation radexecd.exe Remote Command Execution

The HP Client Automation service on the remote port is affected by a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit the vulnerability. The flaw...

7.2AI Score

0.813EPSS

2011-09-12 12:00 AM
43
nessus
nessus

Rockwell Automation RSLinx Classic <= 2.57.00.14 DoS (CVE-2020-13573)

The remote host has a version of RSLinx Classic installed that is prior or equal to 2.57.00.14. It is, therefore, potentially affected by a denial of service vulnerability in the Ethernet/IP server implementation. A remote, unauthenticated attacker could cause the device to crash by sending a...

7.5CVSS

3.6AI Score

0.019EPSS

2021-01-22 12:00 AM
23
cvelist
cvelist

CVE-2024-0220 B&R products use insufficient communication encryption

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...

8.3CVSS

8.7AI Score

0.0004EPSS

2024-02-22 10:15 AM
1
fedora
fedora

[SECURITY] Fedora 40 Update: qt5-qtserialbus-5.15.14-1.fc40

Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...

6.5AI Score

0.0004EPSS

2024-06-05 01:41 AM
1
cvelist
cvelist

CVE-2024-6188 Parsec Automation TrackSYS pagedefinition direct request

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

5.3CVSS

0.0004EPSS

2024-06-20 01:31 PM
2
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 Argument injection vulnerability in PHP...

9.8CVSS

7.2AI Score

0.967EPSS

2024-06-15 02:49 AM
126
debiancve
debiancve

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

6.8AI Score

0.0004EPSS

2024-06-03 08:15 AM
5
githubexploit
githubexploit

Exploit for SQL Injection in Layerslider

CVE-2024-2879 Description LayerSlider 7.9.11 - 7.10.0 -...

9.8CVSS

7.8AI Score

0.004EPSS

2024-04-08 06:50 PM
252
ubuntucve
ubuntucve

CVE-2024-36963

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's...

6.8AI Score

0.0004EPSS

2024-06-03 12:00 AM
2
githubexploit
githubexploit

Exploit for Off-by-one Error in F5 Nginx

CVE-2021-23017-PoC ``` pip install -r requirements.txt...

7.7CVSS

8.1AI Score

0.517EPSS

2022-06-30 04:39 AM
989
cvelist
cvelist

CVE-2024-28830 Automation user secrets written to audit log

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions &lt;2.3.0p7, &lt;2.2.0p28, &lt;2.1.0p45 and &lt;=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to...

2.7CVSS

0.0004EPSS

2024-06-26 07:56 AM
1
nessus
nessus

Inductive Automation Ignition Detection

Inductive Automation Ignition, a web based SCADA HMI solution, was detected on the remote...

1.1AI Score

2015-06-02 12:00 AM
9
nessus
nessus

Siemens Automation License Manager 5.x < 5.3.4.4 Multiple Vulnerabilities

The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities : A user-input validation error exists that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is ...

8.8CVSS

4.2AI Score

0.01EPSS

2018-08-27 12:00 AM
12
nessus
nessus

Siemens Automation License Manager 6.x < 6.0.1 Directory Traversal

The version of Siemens Automation License Manager installed on the remote host is version 6.x prior to 6.0.1 and thus, is affected by a user-input validation error that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is required for this....

4.9AI Score

2018-08-27 12:00 AM
9
alpinelinux
alpinelinux

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-03-14 05:15 PM
8
wolfi
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...

6AI Score

0.0004EPSS

2024-06-26 09:08 AM
19
githubexploit
githubexploit

Exploit for CVE-2024-31819

CVE-2024-31819 An issue in WWBN AVideo v.12.4 through v.14.2...

8AI Score

0.003EPSS

2024-06-09 08:48 AM
81
nessus
nessus

Rockwell Automation ThinManager ThinServer Improper Input Validation (CVE-2024-5990)

The version of Rockwell Automation ThinManager ThinServer installed on the remote host is 11.1.x prior to 11.1.8, 11.2.x prior to 11.2.9, 12.0.x prior to 12.0.7, 12.1.x prior to 12.1.8, 13.0.x prior to 13.0.4, 13.1.x prior to 13.1.2. It is therefore, affected by an improper input validation...

7.2AI Score

0.0004EPSS

2024-06-25 12:00 AM
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...

9.8CVSS

8.7AI Score

0.018EPSS

2024-03-13 09:17 AM
82
osv
osv

CVE-2022-3976

A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal....

8.8CVSS

7.2AI Score

0.001EPSS

2022-11-13 02:15 PM
2
githubexploit
githubexploit

Exploit for Path Traversal in Aiohttp

[ CVE-2024-23334 :; 남의 exploit 리뷰 ] Review an exploit...

7.5CVSS

7.6AI Score

0.052EPSS

2024-02-28 10:30 PM
211
atlassian
atlassian

Tomcat should not disclose its own version to unauthenticated users

h3. Problem Definition When accessing URLs that aren't under the application context and are not defined in Tomcat, Tomcat returns a 404 along with its own version. h4. +Steps to reproduce problem+ * In a Jira instance with a context called jira for instance, browse http:///non_existent_uri. Make.....

0.6AI Score

2022-02-08 11:13 AM
8
cvelist
cvelist

CVE-2024-28764 IBM WebSphere Automation CSV injection

IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: ...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-05-01 04:35 PM
ibm
ibm

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** IBM X-Force ID: 294242 DESCRIPTION: **Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....

8.1AI Score

2024-06-11 08:00 PM
5
nessus
nessus

Fedora 39 : R (2024-07b7b83a4f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07b7b83a4f advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...

8.8CVSS

8AI Score

0.0004EPSS

2024-05-09 12:00 AM
8
githubexploit
githubexploit

Exploit for Code Injection in Openplcproject Openplc V3 Firmware

CVE-2021-31630 Modified the PoC...

8.8CVSS

6.6AI Score

0.006EPSS

2024-06-04 12:44 AM
156
nuclei
nuclei

WebCTRL OEM <= 6.5 - Cross-Site Scripting

WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET...

6.1CVSS

6AI Score

0.018EPSS

2021-10-30 10:04 AM
1
githubexploit
githubexploit

Exploit for Incorrect Authorization in Vmware Spring Security

CVE 2022-22978: *Authorization Bypass in...

9.8CVSS

0.4AI Score

0.009EPSS

2022-06-04 04:57 PM
273
ibm
ibm

Security Bulletin: Vulnerability in Java affects Tivoli System Automation for Multiplatforms shipped with IBM® Db2® LUW. (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms (TSAMP) shipped as a component of IBM Db2. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions TSAMP...

7.5CVSS

6.8AI Score

0.001EPSS

2024-06-05 03:47 PM
3
nuclei
nuclei

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without....

9.8CVSS

9.3AI Score

0.641EPSS

2022-08-10 12:24 PM
11
nessus
nessus

Fedora 38 : R (2024-bc590cb3f1)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc590cb3f1 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including...

8.8CVSS

7.4AI Score

0.0004EPSS

2024-05-09 12:00 AM
5
nessus
nessus

VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)

The VISAM Automation Base (VBASE) Web-Remote service running on the remote host is affected by a path traversal vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to read arbitrary files on the remote...

7.5CVSS

4.2AI Score

0.002EPSS

2022-03-01 12:00 AM
9
githubexploit
githubexploit

Exploit for Path Traversal in Aiohttp

CVE-2024-23334-PoC A proof of concept of the path traversal...

7.5CVSS

6.9AI Score

0.052EPSS

2024-03-18 08:39 PM
119
nessus
nessus

Siemens Automation License Manager 5.x < 6.0.9 DoS (SSA-158827)

The version of Siemens Automation License Manager installed on the remote host is version 5.x prior to 6.0.9. It is, therefore, affected by a denial of service vulnerability. An attacker could exploit this by sending specially crafted packets to port 4410/tcp of an affected system. Note that...

3.8AI Score

2021-08-12 12:00 AM
12
fedora
fedora

[SECURITY] Fedora 40 Update: qt6-qtserialbus-6.7.1-1.fc40

Qt Serial Bus (API) provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and...

6.2AI Score

0.0004EPSS

2024-05-29 03:37 AM
4
githubexploit
githubexploit

Exploit for HTTP Request Smuggling in Apache Http Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...

9.8CVSS

8.1AI Score

0.007EPSS

2023-05-22 03:06 AM
7670
osv
osv

CVE-2023-23205

An issue was discovered in lib60870 v2.3.2. There is a memory leak in...

5.5CVSS

6.8AI Score

0.0004EPSS

2023-02-24 04:15 PM
4
githubexploit
githubexploit

Exploit for CVE-2024-28890

Exploit Script This repository contains a Python script...

7.5AI Score

0.0004EPSS

2024-06-13 10:41 AM
58
githubexploit
githubexploit

Exploit for CVE-2023-4596

Exploit Script This repository contains a Python script...

9.8CVSS

7.4AI Score

0.106EPSS

2024-06-13 10:41 AM
50
nuclei
nuclei

Cisco ASA - Local File Inclusion

Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an...

7.5CVSS

7.9AI Score

0.974EPSS

2020-04-22 06:42 AM
31
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...

7.5AI Score

2024-06-26 09:08 AM
180
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...

7.8AI Score

0.0004EPSS

2024-06-26 09:08 AM
191
githubexploit
githubexploit

Exploit for CVE-2024-29269

CVE-2024-29269 An issue discovered in Telesquare TLR-2005Ksh...

7AI Score

0.001EPSS

2024-06-08 10:06 PM
78
githubexploit

8.6CVSS

6.3AI Score

0.945EPSS

2024-05-30 04:23 PM
71
vulnrichment
vulnrichment

CVE-2023-39474 Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....

8CVSS

7.7AI Score

0.001EPSS

2024-05-03 02:10 AM
nessus
nessus

Micro Focus Network Automation Detection

Micro Focus Network Automation (formerly HP Network Automation), a web-based application for automating IT processes, is running on the remote...

1.2AI Score

2016-03-25 12:00 AM
8
vulnrichment
vulnrichment

CVE-2022-38710 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...

6AI Score

0.001EPSS

2022-11-03 12:00 AM
1
cvelist
cvelist

CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio

Improper DLL loading algorithms in B&R Automation Studio versions &gt;=4.0 and &lt;4.12 may allow an authenticated local attacker to execute code in the context of the...

7.2CVSS

7.2AI Score

0.0004EPSS

2024-05-14 07:36 PM
cvelist
cvelist

CVE-2023-39474 Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability

Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target.....

8CVSS

8.4AI Score

0.001EPSS

2024-05-03 02:10 AM
Total number of security vulnerabilities126717