Page 3 of 12 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization. Delta Electronics DIALink versiones 1.2.4.0 y anteriores, son ejecutadas por defecto en HTTP, lo que puede permitir a un atacante situarse entre el tráfico y llevar a cabo un ataque de tipo machine-in-the-middle para acceder a la información sin autorización • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. Delta Electronics DIALink versiones 1.2.4.0 y anteriores, es vulnerable a un ataque de tipo cross-site scripting porque un atacante autenticado puede inyectar código JavaScript arbitrario en el parámetro deviceName de la API modbusWriter-Reader, lo que puede permitir a un atacante ejecutar código de forma remota • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •