
CVSS: 10.0 | EPSS: 1% | CPEs: 2 | EXPL: 2

Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Softing FG-100 PB comes with a hardcoded root account with a static password that cannot be changed by the administrator.

• http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html
• http://www.securityfocus.com/archive/1/533902/100/0/threaded
• http://www.securityfocus.com/bid/70927
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98512
• https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt
• CWE-798: Use of Hard-coded Credentials

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. Softing FG-100 PB suffers from a cross-site scripting vulnerability.

• http://packetstormsecurity.com/files/128975/Softing-FG-100-PB-Cross-Site-Scripting.html
• http://www.securityfocus.com/archive/1/533903/100/0/threaded
• http://www.securityfocus.com/bid/70917
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')