xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary...
6.1CVSS
6.4AI Score
0.001EPSS
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level...
7.8CVSS
7.5AI Score
0.0004EPSS
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary...
6.1CVSS
6.4AI Score
0.001EPSS
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free...
8.3AI Score
0.004EPSS
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified...
7.8AI Score
0.003EPSS
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified...
6.9AI Score
0.002EPSS
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read...
7.9AI Score
0.003EPSS