Latest CVE Feed
-
7.5
HIGH CVE-2021-34589
Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface....
- Affected Products: cc612_firmware cc613_firmware icc15xx_firmware icc16xx_firmware icc613_firmware cc612 cc613 icc15xx icc16xx
- EPSS Score: 0.30%
- Published: Apr. 27, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGH CVE-2021-34588
Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot ....
- EPSS Score: 0.26%
- Published: Apr. 27, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2021-34587
In Bender/ebee Charge Controllers in multiple versions, a long URL could lead to a webserver crash. The URL is used as input of an sprintf to a stack variable....
- EPSS Score: 0.29%
- Published: Apr. 27, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2021-34582
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file....
- EPSS Score: 0.09%
- Published: Nov. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-34581
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device....
- EPSS Score: 1.58%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-34580
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts....
- EPSS Score: 0.27%
- Published: Oct. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-34579
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation. Attackers with network ac...
- Affected Products: fl_mguard_dm
- EPSS Score: 0.10%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-34578
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07....
- EPSS Score: 0.34%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-34577
In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device....
- EPSS Score: 0.05%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-34576
In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third parties....
- EPSS Score: 0.17%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-34575
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends....
- EPSS Score: 0.39%
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUM CVE-2021-34574
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting a...
- EPSS Score: 0.24%
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
6.2
MEDIUM CVE-2021-34573
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not recognized or misinterpreted. This may lead to wrong values and missing events....
- Affected Products: ewm
- EPSS Score: 0.12%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-34572
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead, timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data....
- Affected Products: ewm
- EPSS Score: 0.03%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-34571
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM....
- Affected Products: ewm
- EPSS Score: 0.04%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-34570
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests....
- Affected Products: axc_f_2152_firmware axc_f_2152_starterkit_firmware plcnext_technology_starterkit_firmware rfc_4072s_firmware axc_f_3152_firmware axc_f_1152_firmware axc_f_1152 axc_f_2152 axc_f_3152 rfc_4072s +2 more products
- EPSS Score: 0.45%
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-34569
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory....
- EPSS Score: 0.08%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-34568
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service....
- EPSS Score: 0.34%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
8.2
HIGH CVE-2021-34567
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and a limited out-of-bounds read....
- EPSS Score: 0.80%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2021-34566
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS....
- EPSS Score: 0.26%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024