Lucene search

Ak-Em100 Firmware Security Vulnerabilities

cve

CVE-2023-22582

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

9CVSS

6.3AI Score

0.001EPSS

2023-06-11 02:15 PM

cve

CVE-2023-22583

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

10CVSS

9.8AI Score

0.002EPSS

2023-06-11 02:15 PM

cve

CVE-2023-22584

The Danfoss AK-EM100 stores login credentials in cleartext.

7.5CVSS

7.5AI Score

0.003EPSS

2023-06-11 02:15 PM

cve

CVE-2023-22585

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.

9CVSS

6.1AI Score

0.001EPSS

2023-06-11 02:15 PM

cve

CVE-2023-22586

The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.

7.5CVSS

7.5AI Score

0.003EPSS

2023-06-11 02:15 PM

cve

CVE-2023-25911

The Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters.

9.9CVSS

9.7AI Score

0.002EPSS

2023-06-11 02:15 PM

cve

CVE-2023-25912

The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.

5.3CVSS

5.1AI Score

0.001EPSS

2023-06-11 02:15 PM