Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
energy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24117
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II prior to 8.3.0, SD prior to 6.4.7, TD220X prior to 2.0.16, and TD220MAX prior to 1.2.6.
Ge Inet 900 Firmware
Ge Inet Ii 900 Firmware
Ge Sd1 Firmware
Ge Sd2 Firmware
Ge Sd4 Firmware
Ge Sd9 Firmware
Ge Td220max Firmware
Ge Td220x Firmware
9.8
CVSSv3
CVE-2022-4557
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: prior to 23.01.01.
Gruparge Smartpower
6.5
CVSSv3
CVE-2019-5014
An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability.
Wincofireworks Fw-1007 Firmware 2.0
NA
CVE-2024-23787
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a network-adjacent unauthenticated malicious user to obtain an arbitrary file in the affected product.
NA
CVE-2024-32368
Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local malicious user to cause a denial of service via the Bluetooth Low Energy (BLE) component.
1 Github repository
5.4
CVSSv3
CVE-2022-45086
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: prior to 23.01.01.
Gruparge Smartpower Web
6.1
CVSSv3
CVE-2022-45087
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: prior to 23.01.01.
Gruparge Smartpower Web
5.4
CVSSv3
CVE-2022-45091
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: prior to 23.01.01.
Gruparge Smartpower Web
NA
CVE-2015-6459
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise prior to 3.1.5 allows remote malicious users to read or delete arbitrary files via a full pathname.
Ge Mds Pulsenet
7.8
CVSSv3
CVE-2019-14919
An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network malicious user to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device.
Billion Sg600 R2 Firmware 3.02
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »