Latest CVE Feed

7.2 HIGH CVE-2021-22708
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1...
- Affected Products: evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_parking_ev.2_firmware evlink_smart_wallbox_evb1a_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products
- EPSS Score: 0.24%
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024

10.0 HIGH CVE-2021-22707
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prio...
- Affected Products: evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_parking_ev.2_firmware evlink_smart_wallbox_evb1a_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products
- EPSS Score: 90.00%
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024

6.1 MEDIUM CVE-2021-22706
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0...
- Affected Products: evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_parking_ev.2_firmware evlink_smart_wallbox_evb1a_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products
- EPSS Score: 0.28%
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure...
- EPSS Score: 0.06%
- Published: May. 26, 2021
- Modified: Nov. 21, 2024

9.1 CRITICAL CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine E...
- EPSS Score: 0.60%
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024

7.5 HIGH CVE-2021-22703
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user crede...
- Affected Products: powerlogic_ion7400_firmware powerlogic_ion7650_firmware powerlogic_ion8600_firmware powerlogic_ion8650_firmware powerlogic_ion8800_firmware powerlogic_ion9000_firmware powerlogic_pm8000_firmware powerlogic_ion8300_firmware powerlogic_ion8400_firmware powerlogic_ion8500_firmware +10 more products
- EPSS Score: 0.16%
- Published: Feb. 19, 2021
- Modified: Nov. 21, 2024

7.5 HIGH CVE-2021-22702
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure...
- Affected Products: powerlogic_ion7400_firmware powerlogic_ion7650_firmware powerlogic_ion8600_firmware powerlogic_ion8650_firmware powerlogic_ion8800_firmware powerlogic_ion9000_firmware powerlogic_pm8000_firmware powerlogic_ion8300_firmware powerlogic_ion8400_firmware powerlogic_ion8500_firmware +14 more products
- EPSS Score: 0.14%
- Published: Feb. 19, 2021
- Modified: Nov. 21, 2024

4.5 MEDIUM CVE-2021-22701
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the...
- Affected Products: powerlogic_ion7400_firmware powerlogic_ion7650_firmware powerlogic_ion8600_firmware powerlogic_ion8650_firmware powerlogic_ion8800_firmware powerlogic_ion9000_firmware powerlogic_pm8000_firmware powerlogic_ion8300_firmware powerlogic_ion8400_firmware powerlogic_ion8500_firmware +11 more products
- EPSS Score: 0.15%
- Published: Feb. 19, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22699
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.
- EPSS Score: 0.55%
- Published: May. 26, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22698
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when ...
- Affected Products: ecostruxure_power_build_-_rapsody
- EPSS Score: 1.38%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22697
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious ...
- Affected Products: ecostruxure_power_build_-_rapsody
- EPSS Score: 0.71%
- Published: Jan. 26, 2021
- Modified: Nov. 21, 2024

7.5 HIGH CVE-2021-22696
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" paramete...
- EPSS Score: 0.49%
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024

7.5 HIGH CVE-2021-22685
An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1.
- Affected Products: access_controller
- EPSS Score: 0.11%
- Published: Oct. 14, 2022
- Modified: Nov. 21, 2024

7.5 HIGH CVE-2021-22684
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash...
- Affected Products: tizenrt
- EPSS Score: 0.34%
- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22683
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- Affected Products: fvdesigner
- EPSS Score: 0.18%
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22682
Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local ...
- Affected Products: cscape
- EPSS Score: 0.03%
- Published: Apr. 23, 2021
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 55...
- EPSS Score: 0.14%
- Published: Mar. 03, 2021
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2021-22680
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote ...
- Affected Products: mqx
- EPSS Score: 1.84%
- Published: May. 03, 2022
- Modified: Nov. 21, 2024

9.8 CRITICAL CVE-2021-22679
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versio...
- Affected Products: cc3100_software_development_kit cc3200_software_development_kit simplelink_cc13x0_software_development_kit simplelink_cc13x2_software_development_kit simplelink_cc26xx_software_development_kit simplelink_cc32xx_software_development_kit simplelink_msp432e4_software_development_kit
- EPSS Score: 0.70%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024

7.8 HIGH CVE-2021-22678
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.
- Affected Products: cscape
- EPSS Score: 0.23%
- Published: Apr. 23, 2021
- Modified: Nov. 21, 2024