Latest CVE Feed
-
9.8
CRITICALCVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed mes... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %2.03
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive G... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %7.12
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22801
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)... Read more
Affected Products : connexium_network_manager- EPSS Score: %0.84
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22800
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)... Read more
- EPSS Score: %0.44
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric... Read more
Affected Products : software_update- EPSS Score: %0.05
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22798
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox (All Versions)... Read more
- EPSS Score: %0.29
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when ... Read more
- EPSS Score: %0.45
- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22796
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)... Read more
Affected Products : c-gate_server- EPSS Score: %0.63
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22795
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and ... Read more
Affected Products : struxureware_data_center_expert- EPSS Score: %3.19
- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22794
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)... Read more
Affected Products : struxureware_data_center_expert- EPSS Score: %3.73
- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-22793
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via F... Read more
- EPSS Score: %0.54
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22792
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* ... Read more
- EPSS Score: %0.46
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22791
A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and B... Read more
- EPSS Score: %0.44
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22790
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BM... Read more
- EPSS Score: %0.44
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-22789
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file ... Read more
- EPSS Score: %0.44
- Published: Sep. 02, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22788
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon ... Read more
- EPSS Score: %1.46
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22787
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior ... Read more
- EPSS Score: %0.43
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) ... Read more
Affected Products : modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware modicon_m580_bmep582040s_firmware +72 more products- EPSS Score: %0.18
- Published: Feb. 01, 2023
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22785
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP... Read more
- EPSS Score: %0.32
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUMCVE-2021-22784
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.... Read more
Affected Products : c-bus_toolkit- EPSS Score: %0.23
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024