CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-31805 – Insecure transmission of credentials
https://notcve.org/view.php?id=CVE-2022-31805
24 Jun 2022 — In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. En CODESYS Development System, varios componentes en diversos versiones transmiten las contraseñas para la comunicación entre clientes y servidores sin protección • https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17140&token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c&download= • CWE-523: Unprotected Transport of Credentials •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8472 – ABB System 800xA Weak File Permissions - different products
https://notcve.org/view.php?id=CVE-2020-8472
28 Apr 2020 — Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploited the vulnerabilities could escalate his/her privileges, cause system functions to stop and to corrupt user applications. Lo... • https://search.abb.com/library/Download.aspx?DocumentID=2PAA121106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 17%CPEs: 1EXPL: 0CVE-2007-4473
https://notcve.org/view.php?id=CVE-2007-4473
17 Dec 2007 — Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. Gesytec Easylon OPC Server anterior a 2.3.44 no valida ... • http://osvdb.org/42650 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •