CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43804 – OS Command Injection via Port Scan Functionality in Roxy-WI
https://notcve.org/view.php?id=CVE-2024-43804
An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code on the web application server via port scanning functionality. • https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-qc52-vwwj-5585 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-5624 – Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL
https://notcve.org/view.php?id=CVE-2024-5624
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-5623 – Untrusted search path vulnerability in B&R APROL
https://notcve.org/view.php?id=CVE-2024-5623
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-5622 – Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL
https://notcve.org/view.php?id=CVE-2024-5622
.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8255 – Path Traversal in Ocean Data Systems Dream Report
https://notcve.org/view.php?id=CVE-2024-8255
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. ... An attacker can leverage this vulnerability to execute code in the context of an administrator. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-242-02 • CWE-502: Deserialization of Untrusted Data •