An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.7% and no vendor patch available.
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8). No vendor patch available.
An issue was discovered in Siemens SICAM PAS before 8.00. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Moxa DACenter Versions 1.4 and older. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in OmniMetrix OmniView, Version 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in OmniMetrix OmniView, Version 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Moxa EDR-810 Industrial Secure Router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Sauter NovaWeb web HMI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. Rated high severity (CVSS 7.2). No vendor patch available.
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. Rated high severity (CVSS 7.0).
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Rated medium severity (CVSS 6.8). No vendor patch available.
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian. Rated medium severity (CVSS 6.7). No vendor patch available.
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.