Page 2 of 23 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •

CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. La administración de múltiples productos basada en web de Wago tiene una vulnerabilidad que permite a un atacante autenticado local cambiar las contraseñas de otros usuarios que no sean administradores y así escalar privilegios no root. • https://cert.vde.com/en/advisories/VDE-2023-015 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •

CVSS: 2.7EPSS: 0%CPEs: 14EXPL: 0

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. En los productos Wago afectados, un atacante remoto con privilegios administrativos puede acceder a archivos a los que ya tiene acceso a través de una inclusión de archivo local no documentada. Este acceso se registra en un archivo de registro diferente al esperado. • https://cert.vde.com/en/advisories/VDE-2023-046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •