Skip to main content

Control Center

15 CVEs product

Monthly

CVE-2025-7884 LOW Monitor

Eluktronics Control Center 5.23.51.41 permits local authenticated users to bypass data authenticity verification in the REG File Handler component, resulting in potential information disclosure. The vulnerability requires local access and authenticated privileges but carries minimal real-world impact given the CVSS 1.9 score and EPSS exploitation probability of 0.01% (third percentile). Public exploit code has been disclosed, though vendor has not responded to disclosure notifications.

Information Disclosure Control Center
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7883 HIGH This Week

Command injection in Eluktronics Control Center 5.23.51.41 allows local authenticated users to execute arbitrary PowerShell commands with elevated privileges through the AiStoneService component. The vulnerability has public exploit code available (CVSS E:P) and affects a PC hardware control software, enabling local privilege escalation. Vendor was notified but did not respond, leaving the vulnerability unpatched. EPSS data not available, but the local-only attack vector (AV:L) and authentication requirement (PR:L) limit widespread exploitation risk despite the critical CVSS 7.1 score.

Command Injection Control Center
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2023-5616 MEDIUM POC PATCH This Month

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Ubuntu SSH Control Center Ubuntu Linux +2
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-43052 MEDIUM This Month

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Center
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35114 MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-35113 MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-35112 MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Control Center
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-35111 MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-21229 HIGH This Week

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Control Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26669 MEDIUM This Month

ASUS Control Center is vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Control Center
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-26668 MEDIUM This Month

ASUS Control Center API has a broken access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control Center
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-33408 MEDIUM This Month

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Center
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20529 MEDIUM PATCH This Month

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Control Center
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20528 MEDIUM PATCH This Month

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Control Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2016-0252 MEDIUM This Month

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Control Center Sterling Control Center
NVD
CVSS 3.0
5.1
EPSS
0.1%
EPSS 0% CVSS 1.9
LOW Monitor

Eluktronics Control Center 5.23.51.41 permits local authenticated users to bypass data authenticity verification in the REG File Handler component, resulting in potential information disclosure. The vulnerability requires local access and authenticated privileges but carries minimal real-world impact given the CVSS 1.9 score and EPSS exploitation probability of 0.01% (third percentile). Public exploit code has been disclosed, though vendor has not responded to disclosure notifications.

Information Disclosure Control Center
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Command injection in Eluktronics Control Center 5.23.51.41 allows local authenticated users to execute arbitrary PowerShell commands with elevated privileges through the AiStoneService component. The vulnerability has public exploit code available (CVSS E:P) and affects a PC hardware control software, enabling local privilege escalation. Vendor was notified but did not respond, leaving the vulnerability unpatched. EPSS data not available, but the local-only attack vector (AV:L) and authentication requirement (PR:L) limit widespread exploitation risk despite the critical CVSS 7.1 score.

Command Injection Control Center
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Ubuntu SSH +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Center
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow an authenticated user to obtain sensitive information exposed through a directory listing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Control Center
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Control Center
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ASUS Control Center is vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Control Center
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

ASUS Control Center API has a broken access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control Center
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Center
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Control Center
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Control Center
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Control Center +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy