Control Security Vulnerabilities


CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer...

CVSS 7.5 | AI Score 7.5 | EPSS 0.0004

2024-06-04 09:15 AM
13

CVE-2023-5751

A local attacker with low privileges can read and modify any user's files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong...

CVSS 7.8 | AI Score 6.8 | EPSS 0.0004

2024-06-04 09:15 AM
1

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

CVSS 6.5 | AI Score 6.5 | EPSS 0.0004

2024-05-14 04:15 PM
33

CVE-2023-42121

Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 9.8 | AI Score 9.8 | EPSS 0.001

2024-05-03 03:15 AM
34

CVE-2023-42123

Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the.....

CVSS 8.8 | AI Score 9.1 | EPSS 0.001

2024-05-03 03:15 AM
23

CVE-2023-42122

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.8 | AI Score 8 | EPSS 0.001

2024-05-03 03:15 AM
24

CVE-2023-42120

Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within...

CVSS 8.8 | AI Score 9.1 | EPSS 0.001

2024-05-03 03:15 AM
21

CVE-2024-3206

The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI Score 6.3 | EPSS 0.0004

2024-05-02 05:15 PM
26

CVE-2024-0615

The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI Score 6.5 | EPSS 0.0005

2024-05-02 05:15 PM
38

CVE-2024-31926

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS. This issue affects Advanced Cron Manager – debug & control: from n/a through...

CVSS 5.9 | AI Score 6.6 | EPSS 0.0004

2024-04-11 01:15 PM
25

CVE-2024-2223

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...

CVSS 8.1 | AI Score 6.8 | EPSS 0.0004

2024-04-09 01:15 PM
26

CVE-2024-2224

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable...

CVSS 8.1 | AI Score 7.7 | EPSS 0.0004

2024-04-09 01:15 PM
24

CVE-2024-1605

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...

CVSS 6.6 | AI Score 6.9 | EPSS 0.0004

2024-03-18 10:15 AM
38

CVE-2024-1606

Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages via injection of HTML code. This might lead to a successful phishing attack, for example by tricking users into using a hyperlink pointing to a website controlled...

CVSS 4.6 | AI Score 6.8 | EPSS 0.0004

2024-03-18 10:15 AM
37

CVE-2024-1604

Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique...

CVSS 6.4 | AI Score 6.6 | EPSS 0.0004

2024-03-18 10:15 AM
32

CVE-2023-45793

A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where the...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004

2024-03-12 11:15 AM
28

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers...

CVSS 5.3 | AI Score 6.1 | EPSS 0.0004

2024-03-05 02:15 AM
28

CVE-2023-7242

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in...

CVSS 8.2 | AI Score 8 | EPSS 0.0005

2024-03-01 09:15 PM
52

CVE-2023-7244

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analysis function for Ethercat communication packets. This could allow an attacker to cause arbitrary code...

CVSS 9.8 | AI Score 9.4 | EPSS 0.001

2024-03-01 09:15 PM
48

CVE-2023-7243

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code...

CVSS 9.8 | AI Score 9.4 | EPSS 0.001

2024-03-01 09:15 PM
47

CVE-2024-0975

The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature (when unset) and view...

CVSS 5.3 | AI Score 6.2 | EPSS 0.0004

2024-02-28 09:15 AM
102

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control...

CVSS 7.7 | AI Score 7.5 | EPSS 0.0004

2024-02-14 05:15 PM
17

CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle...

CVSS 8.1 | AI Score 7.8 | EPSS 0.0004

2024-02-14 05:15 PM
17

CVE-2024-0568

CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC...

CVSS 8.8 | AI Score 8.5 | EPSS 0.0004

2024-02-14 05:15 PM
13

CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering...

CVSS 7.1 | AI Score 6.7 | EPSS 0.0004

2024-02-14 05:15 PM
10

CVE-2023-48363

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19...

CVSS 6.5 | AI Score 6.2 | EPSS 0.0004

2024-02-13 09:15 AM
32

CVE-2023-48364

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19...

CVSS 6.5 | AI Score 6.2 | EPSS 0.0004

2024-02-13 09:15 AM
33

CVE-2024-25089

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named...

CVSS 9.8 | AI Score 9.7 | EPSS 0.003

2024-02-04 10:15 PM
22

CVE-2023-52187

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through...

CVSS 7.5 | AI Score 7.6 | EPSS 0.001

2024-01-27 12:15 AM
19

CVE-2023-35020

IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: ...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2024-01-19 01:15 AM
16

CVE-2022-1760

The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

CVSS 4.3 | AI Score 4.6 | EPSS 0.0005

2024-01-16 04:15 PM
27

CVE-2024-21589

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0.....

CVSS 7.5 | AI Score 7.5 | EPSS 0.001

2024-01-12 01:15 AM
16

CVE-2024-0310

A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy...

CVSS 6.1 | AI Score 6.2 | EPSS 0.001

2024-01-10 11:15 AM
10

CVE-2022-3010

The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControll...

CVSS 7.5 | AI Score 7.5 | EPSS 0.001

2024-01-02 07:15 PM
12

CVE-2023-6314

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project...

CVSS 7.8 | AI Score 8 | EPSS 0.001

2023-12-19 01:15 AM
13

CVE-2023-6315

Out-of-bounds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project...

CVSS 7.8 | AI Score 7.7 | EPSS 0.001

2023-12-19 01:15 AM
8

CVE-2023-46156

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2023-12-12 12:15 PM
60

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the...

CVSS 8.8 | AI Score 8.8 | EPSS 0.001

2023-12-05 03:15 PM
18

CVE-2023-39257

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege...

CVSS 7.8 | AI Score 7.6 | EPSS 0.0004

2023-12-02 05:15 AM
15

CVE-2023-39256

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on....

CVSS 7.8 | AI Score 7.6 | EPSS 0.0004

2023-12-02 05:15 AM
15

CVE-2023-43089

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to...

CVSS 4.4 | AI Score 4 | EPSS 0.0004

2023-12-01 02:15 AM
8

CVE-2023-5247

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute malicious code by having legitimate users open a specially crafted project file, which could result in...

CVSS 7.8 | AI Score 7.7 | EPSS 0.001

2023-11-30 04:15 AM
13

CVE-2023-5607

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI...

CVSS 8.4 | AI Score 7.1 | EPSS 0.0005

2023-11-27 11:15 AM
10

CVE-2023-6105

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database...

CVSS 5.5 | AI Score 5.2 | EPSS 0.0004

2023-11-15 09:15 PM
22

CVE-2023-29165

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local...

CVSS 7.3 | AI Score 7.3 | EPSS 0.0004

2023-11-14 07:15 PM
30

CVE-2023-25952

Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local...

CVSS 6.1 | AI Score 5.3 | EPSS 0.0004

2023-11-14 07:15 PM
33

CVE-2023-27305

Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local...

CVSS 7.8 | AI Score 7.7 | EPSS 0.0004

2023-11-14 07:15 PM
35

CVE-2022-42879

NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local...

CVSS 6.1 | AI Score 5.3 | EPSS 0.0004

2023-11-14 07:15 PM
28

CVE-2023-6102

A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation leads to unrestricted upload. It is possible...

CVSS 9.8 | AI Score 9.4 | EPSS 0.002

2023-11-13 06:15 PM
19

CVE-2023-6100

A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2023-11-13 04:15 PM
32
Total number of security vulnerabilities: 1275