Skip to main content
CVE-2013-0928 CRITICAL POC THREAT Emergency

The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 78.7%.

Command Injection Alphastor
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
78.7%
Threat
5.7
CVE-2013-0657 CRITICAL POC PATCH THREAT Act Now

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.4%.

Buffer Overflow Schneider Electric RCE Interactive Graphical Scada System
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
61.4%
Threat
5.3
CVE-2012-6068 CRITICAL Act Now

The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Codesys Runtime System
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2012-6069 CRITICAL Act Now

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Codesys Runtime System
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2013-0655 CRITICAL Act Now

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Schneider Electric RCE Software Update Utility
NVD
CVSS 2.0
9.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy