
CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator views the System Event Log.
• https://f20.be/cves/socomec
• https://www.socomec.com/remote-view-software_en.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files.
• https://f20.be/cves/socomec
• https://www.socomec.com/remote-view-software_en.html
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 19% • CPEs: 2 • EXPL: 0

Password disclosure in the web interface on Socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
• http://packetstormsecurity.com/files/154764/Socomec-DIRIS-A-40-Password-Disclosure.html
• http://seclists.org/fulldisclosure/2019/Oct/10
• https://www.socomec.com/single-circuit-multifunction-meters_en.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor