Skip to main content
CVE-2017-7921 CRITICAL POC KEV PATCH THREAT Act Now

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Hikvision
NVD
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2017-7925 CRITICAL POC PATCH THREAT Act Now

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.

Information Disclosure Dahua Dh Ipc Hdbw23A0Rn Zs Firmware Dh Ipc Hdbw13A0Sn Firmware Dh Ipc Hdw1Xxx Firmware +12
NVD
CVSS 3.0
9.8
EPSS
80.4%
Threat
5.9
CVE-2017-7927 HIGH POC PATCH This Week

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dahua Dh Ipc Hdbw23A0Rn Zs Firmware Dh Ipc Hdbw13A0Sn Firmware Dh Ipc Hdw1Xxx Firmware +12
NVD
CVSS 3.0
7.3
EPSS
1.7%
CVE-2017-7909 CRITICAL Act Now

A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mesr901 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-7911 HIGH This Week

A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Kaa Iot Platform
NVD
CVSS 3.0
8.8
EPSS
6.6%
CVE-2017-6031 HIGH This Week

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Atvise Scada
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-7923 HIGH PATCH This Week

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hikvision Ds 2Cd2032 I Firmware Ds 2Cd2112 I Firmware Ds 2Cd2132 I Firmware +55
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-7929 HIGH This Week

An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Webaccess
NVD
CVSS 3.0
7.1
EPSS
0.8%
CVE-2017-6024 MEDIUM This Month

A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Rockwell Compactlogix 5380 Firmware Controllogix 5580 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2017-8391 MEDIUM This Month

The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Client Automation
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-6029 MEDIUM This Month

A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Atvise Scada
NVD
CVSS 3.0
5.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy