Latest CVE Feed
-
10.0
HIGH CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword b...
Affected Products: diaenergie
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32982
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-32981
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize sp...
Affected Products: system_platform
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32980
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32979
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a...
Affected Products: suitelink
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32978
The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x ...
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2021-32977
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.
Affected Products: system_platform
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-32976
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-32975
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process...
Affected Products: cscape
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-32974
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2021-32972
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible i...
Affected Products: fpwin_pro
- Published: Jul. 09, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32971
Null pointer dereference in SuiteLink server while processing command 0x07...
Affected Products: suitelink
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-32970
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-32969
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.
Affected Products: diascreen
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32968
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2021-32967
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
Affected Products: diaenergie
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32966
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which ...
Affected Products: interoperability_solution_xds
- Published: May. 25, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2021-32965
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.
Affected Products: diascreen
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2021-32964
The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.
Affected Products: webserver
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2021-32963
Null pointer dereference in SuiteLink server while processing commands 0x03/0x10...
Affected Products: suitelink
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024