Page 2 of 13 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. Se detectó un problema en B&R Industrial Automation APROL versiones anteriores a R4.2 V7.08. Un atacante puede conseguir acceso a datos históricos de AprolSqlServer al omitir una autenticación, una vulnerabilidad diferente de CVE-2019-16358 • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. Se detectó un problema en B&R Industrial Automation APROL versiones anteriores a R4.2 V7.08. Un atacante puede conseguir acceso a información confidencial fuera del directorio de trabajo por medio de ataques de Salto de Directorio contra AprolSqlServer, una vulnerabilidad diferente de CVE-2019-16357 • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. Se detectó un problema en B&R Industrial Automation APROL versiones anteriores a R4.2 V7.08. Un script PHP EnMon era vulnerable a una inyección SQL, una vulnerabilidad diferente de CVE-2019-10006 • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. Se detectó un problema en B&R Industrial Automation APROL versiones anteriores a R4.2 V7.08. Se pueden inyectar comandos arbitrarios (usando scripts de Python) por medio del script AprolCluster que es invocado por medio de sudo y, por lo tanto, se ejecuta con privilegio root, una vulnerabilidad diferente de CVE-2019-16364 • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364. Se detectó un problema en B&R Industrial Automation APROL versiones anteriores a R4.2 V7.08. Algunos scripts web en la interfaz web permitían una inyección y ejecución de comandos arbitrarios no deseados en el servidor web, una vulnerabilidad diferente de CVE-2019-16364 • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •