Skip to main content
CVE-2017-5162 CRITICAL POC THREAT Emergency

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.1%.

Authentication Bypass Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
9.8
EPSS
60.1%
Threat
5.3
CVE-2016-9361 CRITICAL POC THREAT Emergency

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2016-9369 CRITICAL Act Now

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
7.4%
CVE-2016-8352 CRITICAL Act Now

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Connexium Firmware
NVD
CVSS 3.0
10.0
EPSS
2.5%
CVE-2016-2788 CRITICAL Act Now

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Marionette Collective Puppet Enterprise
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-5144 CRITICAL Act Now

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vmu C Em Firmware Vmu C Pv Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-8768 CRITICAL PATCH Act Now

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubuntu Privilege Escalation Click Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-7565 CRITICAL PATCH Act Now

install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-8363 CRITICAL Act Now

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Oncellg3470A Lte Firmware Awk 4131A Firmware Awk 3191 Firmware Awk 5232 Firmware +10
NVD
CVSS 3.0
10.0
EPSS
0.3%
CVE-2015-8771 CRITICAL PATCH Act Now

The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Gosa Plugin
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5145 CRITICAL Act Now

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Vmu C Em Firmware Vmu C Pv Firmware
NVD
CVSS 3.0
10.0
EPSS
0.2%
CVE-2016-9343 CRITICAL Act Now

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Rockwell Softlogix 5800 Controller Firmware +15
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2016-8347 CRITICAL Act Now

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webdatorcentral
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-8355 CRITICAL Act Now

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cadd Solis Medication Safety Software
NVD
CVSS 3.0
9.9
EPSS
0.4%
CVE-2016-5815 CRITICAL Act Now

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Ion5000 Ion7300 Ion7500 +3
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-8859 CRITICAL Act Now

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Musl
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-5159 CRITICAL Act Now

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mguard Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2016-9333 CRITICAL Act Now

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Softcms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-8364 CRITICAL Act Now

An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow S7 Softplc
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-5154 CRITICAL Act Now

An issue was discovered in Advantech WebAccess Version 8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8348 CRITICAL Act Now

An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XXE Liebert Sitescan Web
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8378 CRITICAL Act Now

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenesys Bas Bridge
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-5166 CRITICAL Act Now

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-5140 CRITICAL Act Now

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Xl Web Ii Controller
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-5139 CRITICAL Act Now

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Xl Web Ii Controller
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-5818 CRITICAL PATCH Act Now

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Schneider Electric Powerlogic Pm8Ecc Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-5100 CRITICAL PATCH Act Now

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Froxlor
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8341 CRITICAL Act Now

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Integraxor
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8567 CRITICAL Act Now

An issue was discovered in Siemens SICAM PAS before 8.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2016-9366 CRITICAL Act Now

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2017-5152 CRITICAL Act Now

An issue was discovered in Advantech WebAccess Version 8.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2016-9362 CRITICAL Act Now

An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pfc200 Firmware 750 Xxxx Series Firmware 758 Xxxx Series Firmware
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2017-5142 CRITICAL Act Now

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Honeywell Privilege Escalation Xl Web Ii Controller
NVD
CVSS 3.0
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy