CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27438
https://notcve.org/view.php?id=CVE-2021-27438
25 Mar 2021 — The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). El software contiene una contraseña embebida que usa para su propia autenticación entrante o para la comunicación saliente a componentes externos en el Reason DR60 (todas las versiones de firmware anteriores a 02A04.1) • https://us-cert.cisa.gov/ics/advisories/icsa-21-082-03 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27452
https://notcve.org/view.php?id=CVE-2021-27452
25 Mar 2021 — The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). El software contiene una contraseña embebida que podría permitir a un atacante tomar el control de la unidad de fusión usando estas credenciales embebidas en el MU320E (todas las versiones de firmware anteriores a v04A00.1) • https://us-cert.cisa.gov/ics/advisories/icsa-21-082-02 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18243
https://notcve.org/view.php?id=CVE-2019-18243
18 Feb 2021 — HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. HMI/SCADA iFIX (Versiones anteriores a 6.1) permite a un usuario autenticado local modificar las configuraciones de iFIX de todo el sistema a través del registro. Esto puede permitir una escalada de privilegios • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18255
https://notcve.org/view.php?id=CVE-2019-18255
18 Feb 2021 — HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. HMI/SCADA iFIX (Versiones anteriores a 6.1) permite a un usuario autenticado local modificar las configuraciones de iFIX de todo el sistema mediante objetos de sección. Esto puede permitir una escalada de privilegios • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-27265
https://notcve.org/view.php?id=CVE-2020-27265
13 Jan 2021 — KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Ke... • https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 11EXPL: 0CVE-2020-27263
https://notcve.org/view.php?id=CVE-2020-27263
13 Jan 2021 — KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Ke... • https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 11EXPL: 0CVE-2020-27267
https://notcve.org/view.php?id=CVE-2020-27267
13 Jan 2021 — KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. KEPServerEX versiones v6.0 hasta v6.9, ThingWorx K... • https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16246 – GE Reason S20 Ethernet Switch
https://notcve.org/view.php?id=CVE-2020-16246
20 Oct 2020 — The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. El Reason S20 Ethernet Switch afectado es vulnerable a un ataque de tipo cross-site scripting (XSS), lo que puede permitir a atacantes engañar a los usuarios para que sigan un e... • https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16242 – GE Reason S20 Ethernet Switch
https://notcve.org/view.php?id=CVE-2020-16242
25 Sep 2020 — The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. El Reason S20 Ethernet Switch afectado es vulnerable a un ataque de tipo cross-site scripting (XSS), que pueden permitir a un atacante engañar a los usuarios de la aplicación para llevar a cabo acciones críticas de la aplicación que incluyen, pero no los limi... • https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16240
https://notcve.org/view.php?id=CVE-2020-16240
23 Sep 2020 — GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges. GE Digital APM Classic, versiones 4.4 y anteriores. Una vulnerabilidad de referencia directa a objeto no segura (IDOR) permite a unos usuarios que no debe... • https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01 • CWE-639: Authorization Bypass Through User-Controlled Key •