Skip to main content
CVE-2017-5146 HIGH POC THREAT Act Now

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.6%.

Information Disclosure Vmu C Em Firmware Vmu C Pv Firmware
NVD
CVSS 3.0
7.5
EPSS
64.6%
Threat
4.9
CVE-2016-9332 HIGH POC THREAT Act Now

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.7%.

Denial Of Service Softcms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
29.7%
CVE-2016-9349 HIGH POC THREAT Act Now

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.7%.

Information Disclosure Susiaccess
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
23.7%
CVE-2016-8377 HIGH POC This Week

An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Plc Winproladder Firmware
NVD Exploit-DB
CVSS 3.1
8.0
EPSS
8.7%
CVE-2016-5809 HIGH POC This Week

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Schneider Electric Ion5000 Ion7300 Ion7500 +3
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-9351 HIGH POC This Week

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Path Traversal File Upload Susiaccess
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
3.7%
CVE-2016-5803 HIGH This Week

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Unified Infrastructure Management
NVD
CVSS 3.0
8.6
EPSS
5.4%
CVE-2017-5143 HIGH This Week

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Honeywell Xl Web Ii Controller
NVD
CVSS 3.0
8.6
EPSS
3.2%
CVE-2016-3616 HIGH This Week

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service RCE Libjpeg Turbo Enterprise Linux +2
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-5149 HIGH This Week

An issue was discovered in St. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Merlin Home Firmware
NVD
CVSS 3.1
8.9
EPSS
0.3%
CVE-2016-5796 HIGH This Week

An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Automation Fv Designer Automation Pm Designer
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-8369 HIGH This Week

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenesys Bas Bridge
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9365 HIGH This Week

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-8368 HIGH This Week

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qj71E71 100 Firmware Qj71E71 B5 Firmware Qj71E71 B2 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2016-5782 HIGH This Week

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Lgate Firmware
NVD
CVSS 3.0
8.6
EPSS
0.9%
CVE-2017-5167 HIGH This Week

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-8361 HIGH This Week

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenesys Bas Bridge
NVD
CVSS 3.0
8.6
EPSS
0.4%
CVE-2016-8358 HIGH This Week

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cadd Solis Medication Safety Software
NVD
CVSS 3.0
8.5
EPSS
0.1%
CVE-2017-5168 HIGH PATCH This Week

An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Smart Security Manager
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2016-8360 HIGH This Week

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Softcms
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2016-8356 HIGH This Week

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webdatorcentral
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8372 HIGH This Week

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2016-8379 HIGH This Week

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Iologik E1200 Series Firmware Iologik E2200 Series Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2016-9364 HIGH This Week

An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Fx 2030A Firmware Fx 2030A Basic Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-5805 HIGH This Week

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Ispsoft Pmsoft +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-5798 HIGH This Week

An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Automation Fv Designer Automation Pm Designer
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-5802 HIGH This Week

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ispsoft Pmsoft Wplsoft
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-2568 HIGH This Week

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Polkit Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-8566 HIGH This Week

An issue was discovered in Siemens SICAM PAS before 8.00. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-5153 HIGH This Week

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pi Coresight Pi Web Api
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9356 HIGH This Week

An issue was discovered in Moxa DACenter Versions 1.4 and older. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dacenter
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9353 HIGH This Week

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Susiaccess
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3995 HIGH PATCH This Week

The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Crypto
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-7987 HIGH This Week

An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure Eta4 Firmware Eta2 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-5165 HIGH This Week

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
7.6
EPSS
0.1%
CVE-2016-9363 HIGH This Week

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
1.6%
CVE-2016-4547 HIGH This Week

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-9367 HIGH This Week

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2016-8374 HIGH This Week

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Schneider Electric Magelis Gtu Universal Panel Firmware Magelis Gto Advanced Optimum Panel Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2016-5786 HIGH This Week

An issue was discovered in OmniMetrix OmniView, Version 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omniview
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5801 HIGH This Week

An issue was discovered in OmniMetrix OmniView, Version 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omniview
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-10026 HIGH This Week

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ikiwiki
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-9344 HIGH This Week

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miineport E1 Firmware Miineport E2 Firmware Miineport E3 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5169 HIGH PATCH This Week

An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Redis CSRF Apache Smart Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-8370 HIGH This Week

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qj71E71 100 Firmware Qj71E71 B5 Firmware Qj71E71 B2 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-8346 HIGH This Week

An issue was discovered in Moxa EDR-810 Industrial Secure Router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Edr 810 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6129 HIGH PATCH This Week

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2017-5155 HIGH This Week

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Wonderware Historian
NVD
CVSS 3.0
7.3
EPSS
0.6%
CVE-2016-8495 HIGH This Week

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortimanager Firmware
NVD
CVSS 3.0
7.4
EPSS
0.1%
CVE-2017-5151 HIGH This Week

An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Video Insight Web Client
NVD
CVSS 3.1
7.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy