2 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file. • https://www.corporate.carrier.com/product-security/advisories-resources https://www.cisa.gov/news-events/ics-advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" • https://www.corporate.carrier.com/product-security/advisories-resources https://www.cisa.gov/news-events/ics-advisories • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •