Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
energy vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2018-11631
Rondaful M1 Wristband Smart Band 1 devices allow remote malicious users to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.
Rondaful Project Rondaful M1 Wristband Smart Band 1 Firmware -
9.8
CVSSv3
CVE-2022-24119
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II prior to 8.3.0.
Ge Inet 900 Firmware
Ge Inet Ii 900 Firmware
Ge Sd1 Firmware
Ge Sd2 Firmware
Ge Sd4 Firmware
Ge Sd9 Firmware
Ge Td220max Firmware
Ge Td220x Firmware
NA
CVE-2014-4428
Bluetooth in Apple OS X prior to 10.10 does not require encryption for HID Low Energy devices, which allows remote malicious users to spoof a device by leveraging previous pairing.
Apple Mac Os X
6.1
CVSSv3
CVE-2023-1051
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: prior to 23.03.10.
Askoc Web Report System
NA
CVE-2024-23785
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a remote unauthenticated malicious user to change the product settings.
NA
CVE-2024-23789
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a network-adjacent unauthenticated malicious user to execute an arbitrary OS command on the affected product.
NA
CVE-2024-0851
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27.
8.8
CVSSv3
CVE-2019-14920
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated malicious user to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
Billion Sg600 R2 Firmware 3.02
9.8
CVSSv3
CVE-2023-1050
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.This issue affects Web Report System: prior to 23.03.10.
Askoc Web Report System
NA
CVE-2024-23783
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a network-adjacent unauthenticated malicious user to access the affected product without authentication.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »