Latest CVE Feed
-
9.8
CRITICAL CVE-2022-22526
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2022-22525
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2022-22524
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22523
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22522
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device.
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
7.3
HIGH CVE-2022-22521
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with the user's privileges. An attacker with low privileges may trick a user with administrative privileges to execute these b...
Affected Products: benchmark_programming_tool
- Published: Apr. 27, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2022-22520
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
- Published: Sep. 14, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22519
A remote, unauthenticated attacker can send specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22518
A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22517
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed.
Affected Products: gateway development_system edge_gateway hmi_sl plchandler control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl +16 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2022-22516
The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2022-22515
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGH CVE-2022-22514
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor ...
Affected Products: gateway development_system edge_gateway hmi_sl control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl +15 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22513
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.
Affected Products: gateway development_system edge_gateway hmi_sl control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl +15 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22512
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allow an unauthorized attacker to gain administrative access to the Web-UI via network.
Affected Products: element_backup_firmware element_s1_firmware element_s2_firmware element_s3_firmware element_s4_firmware one_l_firmware one_xl_firmware pulse_firmware element_backup element_s1 +6 more products
- Published: Mar. 23, 2023
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has bee...
- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22510
Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.
Affected Products: profinet
- Published: Feb. 02, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2022-22509
In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows a low-privileged user to enable full access to the device configuration.
- Published: Feb. 02, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2022-22508
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.
- Published: May. 15, 2023
- Modified: Nov. 21, 2024
-
4.6
MEDIUM CVE-2022-22506
IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. IBM X-Force ID: 227293.
Affected Products: robotic_process_automation
- Published: Feb. 12, 2024
- Modified: Nov. 21, 2024