Latest CVE Feed
-
5.5
MEDIUMCVE-2021-22782
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), an... Read more
- EPSS Score: %0.02
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-22781
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), an... Read more
- EPSS Score: %0.05
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-22780
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), an... Read more
- EPSS Score: %0.05
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-22779
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all vers... Read more
Affected Products : modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +51 more products- EPSS Score: %0.10
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-22778
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), an... Read more
- EPSS Score: %0.04
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22777
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file.... Read more
Affected Products : sosafe_configurable- EPSS Score: %0.36
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22775
A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.... Read more
Affected Products : gp-pro_ex- EPSS Score: %0.07
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22774
A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versio... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_parking_ev.2_firmware evlink_smart_wallbox_evb1a_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.14
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior t... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_parking_ev.2_firmware evlink_smart_wallbox_evb1a_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- EPSS Score: %0.15
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22772
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that c... Read more
- EPSS Score: %0.21
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2021-22771
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution.... Read more
- EPSS Score: %0.26
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22770
A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.... Read more
- EPSS Score: %0.33
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22769
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.... Read more
- EPSS Score: %0.23
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22768
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is un... Read more
Affected Products : powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300- EPSS Score: %0.59
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22767
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is un... Read more
Affected Products : powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300- EPSS Score: %0.59
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22766
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet... Read more
Affected Products : powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300- EPSS Score: %1.08
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22765
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet... Read more
Affected Products : powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300- EPSS Score: %0.45
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22762
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.... Read more
Affected Products : interactive_graphical_scada_system- EPSS Score: %0.61
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22761
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length c... Read more
Affected Products : interactive_graphical_scada_system- EPSS Score: %0.22
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22760
A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF ... Read more
Affected Products : interactive_graphical_scada_system- EPSS Score: %0.43
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024