Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2035
Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) prior to 5.0.13 build 574 allows remote malicious users to inject arbitrary web script or HTML via the i parameter.
Interworx Web Control Panel 5.0.11
Interworx Web Control Panel 5.0.12
Interworx Web Control Panel 5.0
Interworx Web Control Panel
Interworx Web Control Panel 5.0.10
8.8
CVSSv3
CVE-2023-45321
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature i...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
8.8
CVSSv3
CVE-2023-41255
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android De...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
6.8
CVSSv3
CVE-2023-45844
The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure setti...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
8.8
CVSSv3
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an malicious user to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake m...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
7.8
CVSSv3
CVE-2023-41372
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encryp...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
8.8
CVSSv3
CVE-2023-45220
The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
3.3
CVSSv3
CVE-2023-41960
The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
8.8
CVSSv3
CVE-2023-46102
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-code...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
7.8
CVSSv3
CVE-2023-43488
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without re...
Boschrexroth Ctrlx Hmi Web Panel Wr2107 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2110 Firmware
Boschrexroth Ctrlx Hmi Web Panel Wr2115 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »