Skip to main content
CVE-2013-0928 CRITICAL POC THREAT Emergency

The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 78.7%.

Command Injection Alphastor
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
78.7%
Threat
5.7
CVE-2013-0657 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.4%.

Buffer Overflow Schneider Electric RCE Interactive Graphical Scada System
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
61.4%
Threat
5.3
CVE-2012-6068 CRITICAL Act Now

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Codesys Runtime System
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2012-6069 CRITICAL Act Now

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codesys Runtime System
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2013-0929 HIGH Act Now

Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 12.0% and no vendor patch available.

RCE Alphastor
NVD
CVSS 2.0
7.6
EPSS
12.0%
CVE-2013-0655 CRITICAL Act Now

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Schneider Electric RCE Software Update Utility
NVD
CVSS 2.0
9.3
EPSS
1.5%
CVE-2013-0656 MEDIUM This Month

Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Siemens RCE Simatic Rf Manager Simatic Rf Manager 2008
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2012-2291 HIGH This Week

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Oracle Avamar Avamar Plugin
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-1108 MEDIUM This Month

Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex Training Center
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-1110 MEDIUM This Month

Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex Training Center
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy