3 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. Emerson AMS Device Manager, de la versión v12.0 a la v13.5. Los usuarios no administradores pueden cambiar archivos ejecutables y de la biblioteca en los productos afectados. • http://www.securityfocus.com/bid/105406 https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01 • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. Emerson AMS Device Manager, de la versión v12.0 a la v13.5. Un script especialmente manipulado podría ejecutarse para permitir la ejecución remota de código. • http://www.securityfocus.com/bid/105406 https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Vulnerabilidad de inyección SQL en Emerson AMS Device Manager anterior a 13 permite a usuarios remotos autenticados ganar privilegios a través de entradas malformadas. • http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability http://www.securityfocus.com/bid/74774 https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •