Hirschmann HiOS Switches Classic Buffer Overflow (CVE-2019-12260)
This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer overflow happens in the task calling recv()/recvfrom()/recvmsg(). Applications that pass a buffer equal to or larger than a full TCP-window are not...
9.8CVSS
9.9AI Score
0.289EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.3AI Score
0.0004EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.5AI Score
0.0004EPSS
Mitsubishi Electric Multiple Products (Update G)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple products Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could be used to...
9.8CVSS
9.7AI Score
0.006EPSS
Microsoft Exchange Public Folders Information Leak
Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...
6.3AI Score
0.015EPSS
DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...
4.8CVSS
5.3AI Score
0.0005EPSS
7.1AI Score
0.0004EPSS
Fuji Electric Tellus Lite V-Simulator
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-Bound Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker...
7.8CVSS
8AI Score
0.001EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
7.6AI Score
0.0004EPSS
Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc...
7.5AI Score
0.0004EPSS
Hirschmann HiOS Switches Integer Underflow (CVE-2019-12255)
An attacker can either hijack an existing TCP-session and inject bad TCP-segments or establish a new TCP-session on any TCP-port listened to by the target. This vulnerability could lead to a buffer overflow of up to a full TCP receive-window (by default, 10k-64k depending on version). The buffer...
9.8CVSS
10AI Score
0.937EPSS
OpenCart Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to...
3.5CVSS
6.9AI Score
0.001EPSS
Modicon Modbus/TCP UnityPro Programming Function Code Access
A Modicon PLC Modbus TCP interface is listening on TCP port 502 and is accessible via the Schneider Electric UnityPro function code 90. An attacker that is able to gain network access to this device can reprogram PLC logic or otherwise impact the integrity of the...
4AI Score
Tamarack IEC 61850 Server Detection
Tamarack Consulting supplies software and consulting services to vendors implementing standards-based communications in the electric utility industry. Although Windows demo versions of the stack are available from distributors such as Netted Automation, this software is primarily used in embedded.....
4.1AI Score
Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...
9.1CVSS
7.4AI Score
0.003EPSS
OpenCart Cross-Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to...
3.5CVSS
6.9AI Score
0.001EPSS
CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
OpenSSL 1.1.1 < 1.1.1d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1d advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
5.3CVSS
5.8AI Score
0.015EPSS
Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...
7.8CVSS
8.2AI Score
0.001EPSS
StruxureWare SCADA Expert ClearSCADA Remote Security Bypass
The remote web server is a version of StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA) prior to version 2010 R3.2 / 2014 R1.1, or a version of 2013 R1 to 2013 R2.1. It is, therefore, affected by an authentication bypass vulnerability due to the default guest account...
2.8AI Score
6.7AI Score
0.0004EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.6AI Score
0.001EPSS
RHEL 8 : grafana-pcp (RHSA-2024:1644)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1644 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...
7.5CVSS
7.9AI Score
0.0005EPSS
(RHSA-2024:2566) Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general...
6.7AI Score
0.0004EPSS
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
It was possible to make the remote web server disclose the physical path to its web root by requesting a MS-DOS device ending in .dbm (as in...
6.5AI Score
0.018EPSS
StruxureWare SCADA Expert ClearSCADA < 2013 R2 Remote DoS
The remote web server is a version of StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA) prior to 2013 R2. It is, therefore, affected by a remote denial of service vulnerability due to a flaw in DNP3Driver.exe. An attacker can potentially exploit this vulnerability by...
2.9AI Score
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.7AI Score
0.0004EPSS
DNN (DotNetNuke) < 3.0.12 Multiple XSS
The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script...
6.7AI Score
0.008EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...
6.5AI Score
0.0004EPSS
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
7.8CVSS
7.8AI Score
0.0004EPSS
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...
7.8CVSS
7.8AI Score
0.0004EPSS
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as...
7.2AI Score
0.0004EPSS
The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to...
6.6AI Score
0.001EPSS
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code...
9.8CVSS
9.6AI Score
0.005EPSS
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker...
7.5CVSS
7.4AI Score
0.004EPSS
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302,...
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer...
7.5CVSS
7.5AI Score
0.001EPSS
Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...
6.1CVSS
6AI Score
0.001EPSS
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause....
6.5CVSS
6.3AI Score
0.001EPSS
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision...
9.8CVSS
9.4AI Score
0.004EPSS
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication...
9.8CVSS
9.4AI Score
0.003EPSS
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass...
9.8CVSS
9.3AI Score
0.002EPSS
(RHSA-2024:2213) Moderate: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
6.9AI Score
0.0004EPSS
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result....
5.4CVSS
5.4AI Score
0.001EPSS
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be...
7.5CVSS
7.6AI Score
0.001EPSS
7-Technologies IGSS < 10.0.0 ODBC Buffer Overflow RCE
The 7-Technologies / Schneider-Electric Interactive Graphical SCADA System (IGSS) application installed on the remote Windows host is a version prior to 10.0.0. It is, therefore, affected by a stack-based buffer overflow condition in the ODBC service due to improper sanitization of user-supplied...
4.2AI Score
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2566 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...
8.8CVSS
8.9AI Score
0.0004EPSS
Mitsubishi Electric MELSEC-Q/L Series (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.0004EPSS