Latest CVE Feed
-
7.5 HIGH
CVE-2021-34575
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
- EPSS Score: 0.39%
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2021-34574
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting a...
- EPSS Score: 0.24%
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
6.2 MEDIUM
CVE-2021-34573
In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not recognized or are misinterpreted. This may lead to wrong values and missing events.
Affected Products: ewm
- EPSS Score: 0.12%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-34572
Enbra EWM 1.7.29 does not check for or detect replay attacks sent by wireless M-Bus Security mode 5 devices. Instead timestamps of the sensor are replaced by the time of the readout even if the data is a replay of earlier data.
Affected Products: ewm
- EPSS Score: 0.03%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-34571
Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.
Affected Products: ewm
- EPSS Score: 0.04%
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-34570
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests.
Affected Products: axc_f_2152_firmware axc_f_2152_starterkit_firmware plcnext_technology_starterkit_firmware rfc_4072s_firmware axc_f_3152_firmware axc_f_1152_firmware axc_f_1152 axc_f_2152 axc_f_3152 rfc_4072s +2 more products
- EPSS Score: 0.45%
- Published: Sep. 27, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-34569
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
- EPSS Score: 0.08%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-34568
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
- EPSS Score: 0.34%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
8.2 HIGH
CVE-2021-34567
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and a limited out-of-bounds read.
- EPSS Score: 0.80%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
9.1 CRITICAL
CVE-2021-34566
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
- EPSS Score: 0.26%
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-34565
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.
- EPSS Score: 0.35%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-34564
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
- EPSS Score: 0.02%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
3.3 LOW
CVE-2021-34563
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.
- EPSS Score: 0.10%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
6.1 MEDIUM
CVE-2021-34562
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.
- EPSS Score: 0.30%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2021-34561
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be i...
- EPSS Score: 0.09%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least on...
- EPSS Score: 0.11%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
5.4 MEDIUM
CVE-2021-34559
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
- EPSS Score: 0.31%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
6.5 MEDIUM
CVE-2021-34558
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Affected Products: fedora go timesten_in-memory_database trident storagegrid cloud_insights_telegraf
- EPSS Score: 1.48%
- Published: Jul. 15, 2021
- Modified: Nov. 21, 2024
-
4.6 MEDIUM
CVE-2021-34557
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attac...
- EPSS Score: 0.05%
- Published: Jun. 10, 2021
- Modified: Nov. 21, 2024
-
5.5 MEDIUM
CVE-2021-34556
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locati...
- EPSS Score: 0.00%
- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024