CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-25090 – Wago: Improper Neutralization of Input During Web Page Generation in multiple devices
https://notcve.org/view.php?id=CVE-2018-25090
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability. Un atacante remoto no autenticado puede utilizar un ataque XSS debido a una neutralización inadecuada de la entrada durante la generación de la página web. Se requiere la interacción del usuario. • https://cert.vde.com/en/advisories/VDE-2023-039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-10123 – Wago: Buffer Copy without Checking Size of Input in wbm of multiple products
https://notcve.org/view.php?id=CVE-2015-10123
An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device. Un atacante remoto no autenticado podría enviar paquetes específicamente manipulados a un dispositivo afectado. Si un usuario autenticado ve esos datos en una página específica de la administración basada en web, se activará un desbordamiento del búfer para obtener acceso completo al dispositivo. • https://cert.vde.com/en/advisories/VDE-2023-039 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-10953
https://notcve.org/view.php?id=CVE-2019-10953
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. En Controladores lógicos programables de ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - , versiones múltiples. Los investigadores han encontrado que algunos controladores son susceptibles a un ataque de Denegación de Servicio (DoS) debido a una inundación de paquetes de red. • http://www.securityfocus.com/bid/108413 https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •