Vulmon
scada web server vulnerabilities and exploits
7.2
CVSSv2
CVE-2021-42029
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web ser...
Siemens Simatic Step 7 16
Siemens Simatic Step 7
Siemens Simatic Step 7 17
7.5
CVSSv2
CVE-2020-27304
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the ...
Civetweb Project Civetweb
Siemens Sinec Infrastructure Network Services
4
CVSSv2
CVE-2021-23336
The package python/cpython from 0 and prior to 3.6.13, from 3.7.0 and prior to 3.7.10, from 3.8.0 and prior to 3.8.8, from 3.9.0 and prior to 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaki...
Python Python
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Ontap Select Deploy Administration Utility -
Netapp Inventory Collect Tool -
Djangoproject Django
Oracle Zfs Storage Appliance 8.8
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Pricing Design Center 12.0.0.3.0
7.5
CVSSv2
CVE-2022-2104
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Secheron Sepcos Control And Protection Relay Firmware
NA
CVE-2022-1525
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow malicious users to bypass web access controls by inspecting and modifying the source code of password pr...
Cognex 3d-a1000 Dimensioning System Firmware
NA
CVE-2024-22182
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.
7.5
CVSSv2
CVE-2022-22987
The affected product has a hardcoded private key available inside the project folder, which may allow a malicious user to achieve Web Server login and perform further actions.
Advantech Adam-3600 Firmware
3.3
CVSSv2
CVE-2021-20826
Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and previous versions, FC6A Series MICROSmart Plus CPU module v1.91 and previous versions, WindLDR v8.19.1 and previous versions, WindEDIT Lite v1.3.1 and previous ...
Idec Microsmart Fc6a Firmware
Idec Microsmart Plus Fc6a Firmware
Idec Data File Manager
Idec Windedit
Idec Windldr
NA
CVE-2023-45227
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.
Westermo L206-f2g Firmware 4.24
NA
CVE-2022-33944
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.
Micodus Mv720 Firmware -
1 Article