Skip to main content
CVE-2016-2278 HIGH POC THREAT Act Now

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.0%.

Schneider Electric Authentication Bypass Struxureware Building Operations Automation Server As Firmware Struxureware Building Operations Automation Server As P Firmware
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
14.0%
CVE-2016-2279 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rockwell
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2016-0704 MEDIUM This Month

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Oracle
NVD
CVSS 3.0
5.9
EPSS
6.0%
CVE-2016-0703 MEDIUM This Month

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Oracle
NVD
CVSS 3.0
5.9
EPSS
4.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy