CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5500 – Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-5500
11 Dec 2023 — This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. Esta vulnerabilidad permite a un atacante remoto con pocos privilegios hacer un uso indebido del control inadecuado de generación de código ("inyección de código") para obtener el control total del dispositivo afectado. • https://cert.vde.com/en/advisories/VDE-2023-049 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4292 – Frauscher FDS101 for FAdC/FAdCi SQL injection vulnerability
https://notcve.org/view.php?id=CVE-2023-4292
21 Sep 2023 — Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information. Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de inyección SQL a través de parámetros manipulados de la interfaz web sin autenticación. La base de datos contiene ... • https://https://cert.vde.com/en/advisories/VDE-2023-038 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4152 – Frauscher FDS101 for FAdC/FAdCi path traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-4152
21 Sep 2023 — Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device. Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de Path Traversal de la interfaz web mediante una URL manipulada sin autenticación. Esto permite... • https://cert.vde.com/en/advisories/VDE-2023-038 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4291 – Frauscher FDS101 for FAdC/FAdCi remote code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-4291
21 Sep 2023 — Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device. Frauscher Sensortechnik GmbH FDS101 para FAdC/FAdCi v1.4.24 y todas las versiones anteriores son vulnerables a una vulnerabilidad de ejecución remota de código (RCE) a través de parámetros manipulados de la interfaz web sin autenticac... • https://cert.vde.com/en/advisories/VDE-2023-038 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2880 – Frauscher Sensortechnik Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-2880
05 Jul 2023 — Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device. • https://cert.vde.com/en/advisories/VDE-2023-011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3575 – Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability
https://notcve.org/view.php?id=CVE-2022-3575
02 Nov 2022 — Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. Frauscher Sensortechnik GmbH FDS102 para FAdC R2 y FAdCi R2 v2.8.0 a v2.9.1 son vulnerables a la carga de códigos maliciosos sin autenticación mediante la función de carga de configuración. Esto podría provocar un compromiso total del dispositivo FDS102. • https://www.frauscher.com/en/psirt • CWE-434: Unrestricted Upload of File with Dangerous Type •