Skip to main content

Smartics

3 CVEs product

Monthly

CVE-2022-2140 CRITICAL Act Now

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Smartics
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2022-2106 LOW Monitor

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Smartics
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2022-2088 MEDIUM This Month

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Smartics
NVD
CVSS 3.1
4.9
EPSS
0.7%
EPSS 1% CVSS 9.0
CRITICAL Act Now

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Smartics
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Smartics
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Smartics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy