Skip to main content
CVE-2017-6026 CRITICAL POC THREAT Emergency

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Schneider Electric Information Disclosure Modicon M251 Firmware Modicon M241 Firmware
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
18.6%
CVE-2017-10699 CRITICAL CISA Emergency

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Vlc Media Player
NVD
CVSS 3.0
9.8
EPSS
0.7%
Threat
4.0
CVE-2017-6044 CRITICAL Act Now

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Airlink Raven Xe Firmware Airlink Raven Xt Firmware
NVD
CVSS 3.0
9.8
EPSS
7.7%
CVE-2017-7899 CRITICAL PATCH Act Now

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Rockwell Information Disclosure 1763 L16Awa Series A 1763 L16Awa Series B 1763 L16Bbb Series A +17
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2017-7898 CRITICAL PATCH Act Now

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Rockwell Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2017-6041 CRITICAL Act Now

An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload A320 Firmware A325 Firmware A371 Firmware A520 Master Firmware +18
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-9358 CRITICAL Act Now

A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A320 Firmware A325 Firmware A371 Firmware A520 Master Firmware +18
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-6022 CRITICAL Act Now

A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Performa Kla Journal Service
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-10670 CRITICAL Act Now

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Osci Transport Library
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-6028 CRITICAL Act Now

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modicon M241 Firmware Modicon M251 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2017-7903 CRITICAL PATCH Act Now

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Brute Force Rockwell Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2017-7905 CRITICAL PATCH Act Now

A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Multilin Sr 750 Feeder Protection Relay Firmware Multilin Sr 760 Feeder Protection Relay Firmware Multilin Sr 469 Motor Protection Relay Firmware Multilin Sr 489 Generator Protection Relay Firmware +6
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-6034 CRITICAL Act Now

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2017-7902 CRITICAL PATCH Act Now

A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Rockwell Information Disclosure 1763 L16Awa Series A 1763 L16Awa Series B 1763 L16Bbb Series A +17
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2017-2292 CRITICAL Act Now

Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Mcollective
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2017-6042 HIGH This Week

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Airlink Raven Xe Firmware Airlink Raven Xt Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-7901 HIGH PATCH This Week

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rockwell 1763 L16Awa Series A 1763 L16Awa Series B 1763 L16Bbb Series A +17
NVD
CVSS 3.0
8.6
EPSS
0.1%
CVE-2017-6017 HIGH This Week

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Bmxnoc0401 Firmware Bmxnoe0100 Firmware Bmxnoe0110 Firmware +12
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2017-6046 HIGH This Week

An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Airlink Raven Xe Firmware Airlink Raven Xt Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6038 HIGH This Week

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gecko Lite Managed Switch Firmware
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-10709 MEDIUM This Month

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2017-6030 MEDIUM This Month

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-8443 MEDIUM This Month

In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-2298 MEDIUM PATCH This Month

The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mcollective Sshkey Security
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2017-6036 MEDIUM This Month

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gecko Lite Managed Switch Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-10669 MEDIUM This Month

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Osci Transport Library
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6018 MEDIUM This Month

An open redirect issue was discovered in B. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Station Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-10668 MEDIUM This Month

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Osci Transport Library
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-10674 MEDIUM This Month

Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Antivirus Engine
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2015-9102 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Photo Station
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-9105 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Video Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-9103 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Note Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-9104 MEDIUM This Month

Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Audio Station
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6040 MEDIUM This Month

An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Lite Managed Switch Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-6032 MEDIUM This Month

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modbus Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy