
CVE-2022-31482 – Denial-of-Service via internal structure overflow
https://notcve.org/view.php?id=CVE-2022-31482
06 Jun 2022 — An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to a segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this ... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-31481 – Remote Code Execution via buffer overflow in firmware update process
https://notcve.org/view.php?id=CVE-2022-31481
06 Jun 2022 — An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all com... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-31480 – Unauthenticated Firmware Upload and Arbitrary Reboot
https://notcve.org/view.php?id=CVE-2022-31480
06 Jun 2022 — An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary; loading the firmware to the device ultimately triggers a reboot. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •

CVE-2022-31479 – Remote Code Execution via command injection of the hostname
https://notcve.org/view.php?id=CVE-2022-31479
06 Jun 2022 — An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboar... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-693: Protection Mechanism Failure •

CVE-2022-26519 – Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts
https://notcve.org/view.php?id=CVE-2022-26519
20 Apr 2022 — There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. • https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVE-2022-1318 – Hills ComNav Inadequate Encryption Strength
https://notcve.org/view.php?id=CVE-2022-1318
20 Apr 2022 — Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The sizes of certain communication packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. • https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf • CWE-203: Observable Discrepancy CWE-326: Inadequate Encryption Strength •

CVE-2020-19762
https://notcve.org/view.php?id=CVE-2020-19762
22 Feb 2021 — Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request. • https://github.com/ismailerkek/CVEs/blob/main/CVE-2020-19762-RESERVED.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-8819 – WebCTRL Out-Of-Band XML Injection
https://notcve.org/view.php?id=CVE-2018-8819
09 Jun 2018 — An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. • https://packetstorm.news/files/id/148126 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2016-5795
https://notcve.org/view.php?id=CVE-2016-5795
31 Aug 2017 — An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. • http://www.securityfocus.com/bid/100558 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2017-9640 – Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
https://notcve.org/view.php?id=CVE-2017-9640
23 Aug 2017 — A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. • https://packetstorm.news/files/id/143896 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •