CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42833 – Use of hardcoded credentials impacting AquaView versions 1.60, 7.x, 8.x
https://notcve.org/view.php?id=CVE-2021-42833
A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. Se presenta una vulnerabilidad de uso de credenciales embebidas en AquaView versiones 1.60, 7.x y 8.x, que podría permitir a un atacante local autenticado manipular usuarios y configuraciones del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-01 https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xpsa-aquaview-v5.0.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41063
https://notcve.org/view.php?id=CVE-2021-41063
SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands. Se ha detectado una vulnerabilidad de inyección SQL en el servicio web de Aanderaa GeoView versiones anteriores a 2.1.3, que podría permitir a un atacante no autenticado ejecutar comandos arbitrarios • https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-01 https://www.xylem.com https://www.xylem.com/en-us/about-xylem/cybersecurity/advisories https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-aanderaa-psa-2021-003.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •