Latest CVE Feed
-
9.8
CRITICAL CVE-2021-32990
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code....
- Affected Products: winproladder
- EPSS Score: 0.75%
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
9.3
CRITICAL CVE-2021-32989
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting....
- Affected Products: laquis_scada
- EPSS Score: 0.20%
- Published: May 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32988
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code....
- Affected Products: winproladder
- EPSS Score: 0.75%
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32987
Null pointer dereference in SuiteLink server while processing command 0x0b...
- Affected Products: suitelink
- EPSS Score: 0.46%
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32986
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming...
- EPSS Score: 0.19%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-32985
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid....
- Affected Products: system_platform
- EPSS Score: 0.08%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32984
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker c...
- EPSS Score: 0.27%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword b...
- Affected Products: diaenergie
- EPSS Score: 1.98%
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32982
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange....
- EPSS Score: 0.11%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-32981
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize sp...
- Affected Products: system_platform
- EPSS Score: 0.24%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32980
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active....
- EPSS Score: 0.27%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32979
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a...
- Affected Products: suitelink
- EPSS Score: 0.46%
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32978
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x ...
- EPSS Score: 0.21%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-32977
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data....
- Affected Products: system_platform
- EPSS Score: 0.09%
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32976
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code....
- EPSS Score: 1.36%
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-32975
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process...
- Affected Products: cscape
- EPSS Score: 0.41%
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-32974
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands....
- EPSS Score: 0.82%
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-32972
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible i...
- Affected Products: fpwin_pro
- EPSS Score: 0.15%
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32971
Null pointer dereference in SuiteLink server while processing command 0x07...
- Affected Products: suitelink
- EPSS Score: 0.46%
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-32970
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions....
- EPSS Score: 0.74%
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024