Latest CVE Feed
-
7.5
HIGHCVE-2016-8370
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.... Read more
Affected Products : qj71e71-100_firmware qj71e71-b5_firmware qj71e71-b2_firmware qj71e71-100 qj71e71-b5 qj71e71-b2- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2016-8369
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY).... Read more
Affected Products : jenesys_bas_bridge- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
8.6
HIGHCVE-2016-8368
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, ... Read more
Affected Products : qj71e71-100_firmware qj71e71-b5_firmware qj71e71-b2_firmware qj71e71-100 qj71e71-b5 qj71e71-b2- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2016-8367
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versio... Read more
Affected Products : magelis_gtu_universal_panel_firmware magelis_gto_advanced_optimum_panel_firmware magelis_sto5_small_panel_firmware magelis_stu_small_panel_firmware magelis_xbt_gh_advanced_hand-held_panel_firmware magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware magelis_xbt_gt_advanced_touchscreen_panel_firmware magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware magelis_gtu_universal_panel magelis_gto_advanced_optimum_panel +6 more products- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2016-8364
An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow.... Read more
Affected Products : s7-softplc- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
CRITICALCVE-2016-8363
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Ser... Read more
Affected Products : awk-3131a_firmware oncellg3470a-lte_firmware awk-4131a_firmware awk-3191_firmware awk-5232_firmware awk-6232_firmware awk-1121_firmware awk-1127_firmware wac-1001_v2_firmware wac-2004_firmware +18 more products- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2016-8362
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Ser... Read more
Affected Products : awk-3131a_firmware oncellg3470a-lte_firmware awk-4131a_firmware awk-3191_firmware awk-5232_firmware awk-6232_firmware awk-1121_firmware awk-1127_firmware wac-1001_v2_firmware wac-2004_firmware +18 more products- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
8.6
HIGHCVE-2016-8361
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication.... Read more
Affected Products : jenesys_bas_bridge- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2016-8360
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a d... Read more
Affected Products : softcms- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2016-8359
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version... Read more
Affected Products : iologik_e1200_series_firmware iologik_e2200_series_firmware iologik_e1210 iologik_e1211 iologik_e1212 iologik_e1213 iologik_e1214 iologik_e1240 iologik_e1241 iologik_e1242 +9 more products- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
7.1
HIGHCVE-2016-8357
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make ch... Read more
Affected Products : jenesys_bas_bridge- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
8.2
HIGHCVE-2016-8356
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities.... Read more
Affected Products : webdatorcentral- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
7.0
HIGHCVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulat... Read more
Affected Products : unity_pro- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
6.4
MEDIUMCVE-2016-8353
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions.... Read more
Affected Products : pi_web_api_2015_r2- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
CRITICALCVE-2016-8352
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be tri... Read more
Affected Products : connexium_firmware tcsefec23f3f20 tcsefec23f3f21 tcsefec23fcf20 tcsefec23fcf21 tcsefec2cf3f20- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
6.8
MEDIUMCVE-2016-8350
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version... Read more
Affected Products : iologik_e1200_series_firmware iologik_e2200_series_firmware iologik_e1210 iologik_e1211 iologik_e1212 iologik_e1213 iologik_e1214 iologik_e1240 iologik_e1241 iologik_e1242 +9 more products- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-8348
An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or... Read more
Affected Products : liebert_sitescan_web- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-8347
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method.... Read more
Affected Products : webdatorcentral- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2016-8346
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).... Read more
- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2016-8344
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does n... Read more
Affected Products : experion_process_knowledge_system- Published: Feb. 13, 2017
- Modified: Apr. 20, 2025