An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 57.9%.
An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.