CVE-2018-14808
https://notcve.org/view.php?id=CVE-2018-14808
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. Emerson AMS Device Manager, de la versión v12.0 a la v13.5. Los usuarios no administradores pueden cambiar archivos ejecutables y de la biblioteca en los productos afectados. • http://www.securityfocus.com/bid/105406 https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01 • CWE-269: Improper Privilege Management •
CVE-2018-14804
https://notcve.org/view.php?id=CVE-2018-14804
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. Emerson AMS Device Manager, de la versión v12.0 a la v13.5. Un script especialmente manipulado podría ejecutarse para permitir la ejecución remota de código. • http://www.securityfocus.com/bid/105406 https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-284: Improper Access Control •
CVE-2015-1008
https://notcve.org/view.php?id=CVE-2015-1008
SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Vulnerabilidad de inyección SQL en Emerson AMS Device Manager anterior a 13 permite a usuarios remotos autenticados ganar privilegios a través de entradas malformadas. • http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability http://www.securityfocus.com/bid/74774 https://ics-cert.us-cert.gov/advisories/ICSA-15-111-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •