Page 6 of 30 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System. Se detectó un problema en los productos 3S-Smart CODESYS V3. CODESYS Gateway no comprueba correctamente la propiedad de un canal de comunicación. • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12937&token=769045a17015bea00ec7ff313de8f1a5c73e7b93&download= https://www.us-cert.gov/ics/advisories/icsa-19-213-03 •

CVSS: 7.5EPSS: 9%CPEs: 5EXPL: 2

The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message. An attacker could thus mislead a user to believe this information is from the legitimate service when it's not. SAP Gateway, versiones 7.5, 7.51, 7.52 y 7.53, permite a un atacante inyectar contenido que es desplegado en forma de mensaje de error. Por lo tanto, un atacante podría engañar a un usuario para que crea que esta información es de servicio legítimo cuando no lo es. • http://packetstormsecurity.com/files/153661/SAPUI5-1.0.0-SAP-Gateway-7.5-7.51-7.52-7.53-Content-Spoofing.html http://www.securityfocus.com/bid/109074 https://cxsecurity.com/ascii/WLB-2019050283 https://drive.google.com/open?id=1aGFqggvydehSK7MFIsfKW7tO60yiF55f https://launchpad.support.sap.com/#/notes/2752614 https://launchpad.support.sap.com/#/notes/2911267 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. Existe el filtrado de direcciones de comunicación incorrecto en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0

Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. Existen valores aleatorios utilizados de manera insuficiente en los productos de CODESYS, en sus versiones V3 anteriores a la V3.5.14.0. • http://www.securityfocus.com/bid/106251 https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04 • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. El radware AppWall Web Application Firewall (WAF) v1.0.2.6, con Gateway v4.6.0.2, permite a los atacantes remotos leer código fuente a través de una petición directa a (1) funcs.inc, (2) defines.inc, o (3) msg.inc en Management/. • http://www.securityfocus.com/archive/1/504682/100/0/threaded • CWE-20: Improper Input Validation •