Skip to main content

CWE-477

Use of Obsolete Function

16 CVEs Avg CVSS 8.4 MITRE
8
CRITICAL
5
HIGH
2
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-1693 MEDIUM This Month

PcVue versions 12.0.0 through 16.3.3 use the deprecated OAuth Resource Owner Password Credentials flow in their web services, enabling remote attackers to steal user credentials without authentication or user interaction. The vulnerability affects WebVue, WebScheduler, TouchVue, and Snapvue components and carries a high severity rating with no patch currently available.

Information Disclosure Pcvue
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-49217 CRITICAL PATCH Act Now

Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit this vulnerability over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments; similar to CVE-2025-49213 but in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.

Deserialization RCE Trend Micro Authentication Bypass Trend Micro Endpoint Encryption
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2025-49216 CRITICAL PATCH Act Now

Critical authentication bypass vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows unauthenticated remote attackers to gain administrative access and modify product configurations without valid credentials. The vulnerability has a CVSS 9.8 score indicating severe impact (confidentiality, integrity, and availability compromised), and represents a complete authentication control failure requiring immediate patching.

Authentication Bypass Trend Micro Privilege Escalation Trend Micro Endpoint Encryption
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49214 HIGH PATCH This Week

Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.

Deserialization RCE Trend Micro Privilege Escalation Trend Micro Endpoint Encryption
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2025-49213 CRITICAL PATCH Act Now

Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.

Deserialization RCE Trend Micro Authentication Bypass Trend Micro Endpoint Encryption
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2025-49212 CRITICAL PATCH Act Now

Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker on the network can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.

Deserialization RCE Trend Micro Authentication Bypass Trend Micro Endpoint Encryption
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2025-49220 CRITICAL PATCH Act Now

Critical pre-authentication remote code execution vulnerability in Trend Micro Apex Central versions below 8.0.7007, caused by insecure deserialization in a specific method. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with complete system compromise (confidentiality, integrity, and availability impact). With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this represents an immediately exploitable critical threat to exposed Apex Central installations.

Deserialization RCE Apex Central
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2025-49219 CRITICAL PATCH Act Now

Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit this vulnerability over the network with low complexity to achieve complete system compromise (confidentiality, integrity, and availability). This vulnerability is actively tracked by CISA as a known exploited vulnerability (KEV) with high CVSS 9.8 severity and carries significant real-world risk due to its network-accessible, authentication-bypass nature.

Deserialization RCE Trend Micro Authentication Bypass Apex Central
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2023-28829 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Simatic Net Pc Software Simatic Pcs 7 Simatic Wincc +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23451 CRITICAL Act Now

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ue410 En3 Firmware Ue410 En1 Firmware Ue410 En3S04 Firmware Ue410 En4 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 5.3
MEDIUM This Month

PcVue versions 12.0.0 through 16.3.3 use the deprecated OAuth Resource Owner Password Credentials flow in their web services, enabling remote attackers to steal user credentials without authentication or user interaction. The vulnerability affects WebVue, WebScheduler, TouchVue, and Snapvue components and carries a high severity rating with no patch currently available.

Information Disclosure Pcvue
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. Attackers can exploit this vulnerability over the network without authentication to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). This is a critical, actively exploitable vulnerability affecting Trend Micro Endpoint Encryption deployments; similar to CVE-2025-49213 but in a different vulnerable method, indicating a pattern of insecure deserialization issues in the same product.

Deserialization RCE Trend Micro +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Critical authentication bypass vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows unauthenticated remote attackers to gain administrative access and modify product configurations without valid credentials. The vulnerability has a CVSS 9.8 score indicating severe impact (confidentiality, integrity, and availability compromised), and represents a complete authentication control failure requiring immediate patching.

Authentication Bypass Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Post-authentication insecure deserialization vulnerability in Trend Micro Endpoint Encryption PolicyServer that allows remote code execution with high impact on confidentiality, integrity, and availability. While the CVSS score of 8.8 is significant, exploitation requires prior low-privileged code execution on the target system, substantially reducing real-world attack surface compared to unauthenticated network exploits. The vulnerability affects Trend Micro Endpoint Encryption installations and should be prioritized based on organizational exposure to this specific product line and internal threat modeling of low-privileged account compromise scenarios.

Deserialization RCE Trend Micro +2
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Critical pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization. An unauthenticated attacker can exploit this vulnerability over the network with no user interaction required to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively being tracked and should be prioritized for immediate patching as it requires no privileges or complex attack conditions.

Deserialization RCE Trend Micro +2
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in an unnamed method. An unauthenticated attacker on the network can exploit this over the network without user interaction to achieve complete system compromise (confidentiality, integrity, and availability impact). This vulnerability is actively monitored and represents a critical threat requiring immediate patching.

Deserialization RCE Trend Micro +2
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Critical pre-authentication remote code execution vulnerability in Trend Micro Apex Central versions below 8.0.7007, caused by insecure deserialization in a specific method. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with complete system compromise (confidentiality, integrity, and availability impact). With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this represents an immediately exploitable critical threat to exposed Apex Central installations.

Deserialization RCE Apex Central
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Pre-authentication remote code execution vulnerability stemming from insecure deserialization in Trend Micro Apex Central versions below 8.0.7007. An unauthenticated attacker can exploit this vulnerability over the network with low complexity to achieve complete system compromise (confidentiality, integrity, and availability). This vulnerability is actively tracked by CISA as a known exploited vulnerability (KEV) with high CVSS 9.8 severity and carries significant real-world risk due to its network-accessible, authentication-bypass nature.

Deserialization RCE Trend Micro +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Simatic Net Pc Software +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ue410 En3 Firmware Ue410 En1 Firmware +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy