CVE-2016-4522
https://notcve.org/view.php?id=CVE-2016-4522
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. • http://www.securityfocus.com/bid/92135 https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-4531
https://notcve.org/view.php?id=CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. • http://www.securityfocus.com/bid/92135 https://ics-cert.us-cert.gov/advisories/ICSA-16-173-03 • CWE-285: Improper Authorization