CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-51599 – Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51599
20 Dec 2023 — Honeywell Saia PG5 Controls Suite Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in ... • https://www.zerodayinitiative.com/advisories/ZDI-23-1848 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51600 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51600
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1849 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51601 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51601
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1850 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51602 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51602
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1851 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-51603 – Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51603
20 Dec 2023 — Honeywell Saia PG5 Controls Suite CAB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CAB files. The issue results from the lack of proper validation of a user-supplied path prio... • https://www.zerodayinitiative.com/advisories/ZDI-23-1852 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51604 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51604
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1853 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51605 – Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-51605
20 Dec 2023 — Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a cra... • https://www.zerodayinitiative.com/advisories/ZDI-23-1854 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30319
https://notcve.org/view.php?id=CVE-2022-30319
28 Jul 2022 — Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-03 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30320
https://notcve.org/view.php?id=CVE-2022-30320
28 Jul 2022 — Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls (SBC) PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-03 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •