Latest CVE Feed
-
6.1 MEDIUM
CVE-2021-33001
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code....
Affected Products: xarrow
- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-33000
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior)....
Affected Products: webaccess/hmi_designer
- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-32999
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01...
Affected Products: suitelink
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
8.2 HIGH
CVE-2021-32997
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and ...
Affected Products: bentley_nevada_3500_system_1_6.x_(3060/00)_firmware bentley_nevada_3500_system_1_(3072/xx)_firmware bentley_nevada_3500_system_1_(3071/xx)_firmware bentley_nevada_3500/22m_(288055-01)_firmware bentley_nevada_3500_rack_configuration_(129133-01)_firmware bentley_nevada_3500_system_1_6.x_(3060/00) bentley_nevada_3500_system_1_(3072/xx) bentley_nevada_3500_system_1_(3071/xx) bentley_nevada_3500/22m_(288055-01) bentley_nevada_3500_rack_configuration_(129133-01)
- Published: May. 25, 2022
- Modified: Nov. 21, 2024
-
7.8 HIGH
CVE-2021-32995
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current proces...
Affected Products: cscape
- Published: Aug. 25, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-32994
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets...
Affected Products: opc_ua_c++_software_development_kit
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
8.8 HIGH
CVE-2021-32993
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data....
Affected Products: intellibridge_ec40_firmware intellibridge_ec80_firmware intellibridge_ec40 intellibridge_ec80
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-32992
FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code....
Affected Products: winproladder
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2021-32991
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally....
Affected Products: diaenergie
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-32990
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code....
Affected Products: winproladder
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
9.3 CRITICAL
CVE-2021-32989
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting....
Affected Products: laquis_scada
- Published: May. 25, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-32988
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code....
Affected Products: winproladder
- Published: Jun. 29, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-32987
Null pointer dereference in SuiteLink server while processing command 0x0b...
Affected Products: suitelink
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-32986
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming...
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-32985
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid....
Affected Products: system_platform
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-32984
All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker c...
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
10.0 HIGH
CVE-2021-32983
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword b...
Affected Products: diaenergie
- Published: Aug. 30, 2021
- Modified: Nov. 21, 2024
-
7.5 HIGH
CVE-2021-32982
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange....
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
7.2 HIGH
CVE-2021-32981
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize sp...
Affected Products: system_platform
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-32980
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active....
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024