An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.