
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. • https://security.mioso.com/CVE-2019-11528-en.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.0 | EPSS: 0% | CPEs: 6 | EXPL: 1

An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. • https://security.mioso.com/CVE-2019-15051-en.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script that is executable via sudo is vulnerable to file path injection. This enables the attacker to write files with superuser privileges in specific locations. • https://security.mioso.com/CVE-2019-11526-en.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 10.0 | EPSS: 1% | CPEs: 2 | EXPL: 2

Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Softing FG-100 PB comes with a hardcoded root account with a static password that cannot be changed by the administrator. • http://packetstormsecurity.com/files/128976/Softing-FG-100-PB-Hardcoded-Backdoor.html http://www.securityfocus.com/archive/1/533902/100/0/threaded http://www.securityfocus.com/bid/70927 https://exchange.xforce.ibmcloud.com/vulnerabilities/98512 https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2014-005_softring_backdoor_account.txt • CWE-798: Use of Hard-coded Credentials

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) with firmware FG-x00-PB_V2.02.0.00 allows remote attackers to inject arbitrary web script or HTML via the DEVICE_NAME parameter to cgi-bin/CFGhttp/. Softing FG-100 PB suffers from a cross-site scripting vulnerability. • http://packetstormsecurity.com/files/128975/Softing-FG-100-PB-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/533903/100/0/threaded http://www.securityfocus.com/bid/70917 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')