Latest CVE Feed
-
7.8
HIGHCVE-2021-22817
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All V... Read more
- EPSS Score: %0.04
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22816
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: S... Read more
- EPSS Score: %0.37
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22815
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Managem... Read more
- EPSS Score: %0.25
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing ... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22811
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Produ... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing ... Read more
- EPSS Score: %0.82
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-22809
A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) an... Read more
Affected Products : guicon- EPSS Score: %0.23
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22808
A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and pri... Read more
Affected Products : guicon- EPSS Score: %0.52
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22807
A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) an... Read more
Affected Products : guicon- EPSS Score: %0.37
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22806
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fe... Read more
Affected Products : spacelynk_firmware wiser_for_knx_firmware fellerlynk_firmware spacelynk wiser_for_knx fellerlynk- EPSS Score: %0.38
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %0.23
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messag... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %0.49
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed mes... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %2.03
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive G... Read more
Affected Products : interactive_graphical_scada_system_data_collector- EPSS Score: %7.12
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22801
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)... Read more
Affected Products : connexium_network_manager- EPSS Score: %0.84
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22800
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)... Read more
- EPSS Score: %0.44
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
3.8
LOWCVE-2021-22799
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric... Read more
Affected Products : software_update- EPSS Score: %0.05
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22798
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox (All Versions)... Read more
- EPSS Score: %0.29
- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024