The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
6.8AI Score
0.002EPSS
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
8.4AI Score
0.012EPSS
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
8AI Score
0.006EPSS
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
7.8AI Score
0.006EPSS
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter βbdateβ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.
6.1CVSS
6.2AI Score
0.001EPSS
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter βedateβ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.
6.1CVSS
6.2AI Score
0.001EPSS
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.
7.8CVSS
7.5AI Score
0.0004EPSS