Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

scada web server vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2018-18990
LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.
Lcds Laquis Scada
4.3
CVSSv2
CVE-2022-24319
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions...
Schneider-electric Clearscada -Schneider-electric Ecostruxure Geo Scada Expert 2019Schneider-electric Ecostruxure Geo Scada Expert 2020
5
CVSSv2
CVE-2020-7000
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated malicious user to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authent...
Visam Vbase Editor 11.5.0.2Visam Vbase Web-remote -
5
CVSSv2
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap OpenldapRedhat Enterprise Linux 7.0Redhat Enterprise Linux 6.0Redhat Jboss Enterprise Web Server 2.0.0Redhat Enterprise Linux 5.0Redhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Core Services -Debian Debian Linux 9.0Fedoraproject Fedora 33
9
CVSSv2
CVE-2015-0979
Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server prior to 2.1.371.24 allows remote malicious users to execute arbitrary code via a crafted packet.
Scadaengine Bacnet Opc Server
4
CVSSv2
CVE-2020-3516
A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote malicious user to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vul...
Cisco Ios XeCisco Ios Xe 17.2.1
7.5
CVSSv2
CVE-2015-0981
The SOAP web interface in SCADA Engine BACnet OPC Server prior to 2.1.371.24 allows remote malicious users to bypass authentication and read or write to arbitrary database fields via unspecified vectors.
Scadaengine Bacnet Opc Server
9
CVSSv2
CVE-2020-3211
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An atta...
Cisco Ios Xe 16.10.1Cisco Ios Xe 16.10.1aCisco Ios Xe 16.10.1bCisco Ios Xe 16.10.1eCisco Ios Xe 16.10.1sCisco Ios Xe 16.10.2Cisco Ios Xe 16.11.1Cisco Ios Xe 16.11.1aCisco Ios Xe 16.11.1bCisco Ios Xe 16.11.1cCisco Ios Xe 16.11.1sCisco Ios Xe 16.12.1Cisco Ios Xe 16.12.1aCisco Ios Xe 16.12.1cCisco Ios Xe 16.12.1sCisco Ios Xe 16.12.1t
9
CVSSv2
CVE-2015-0980
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server prior to 2.1.371.24 allows remote malicious users to execute arbitrary code via format string specifiers in a request.
Scadaengine Bacnet Opc Server
4.3
CVSSv2
CVE-2016-2279
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* prior to 28.011+ allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Rockwellautomation Compactlogix 1769-l16er-bb1b FirmwareRockwellautomation Compactlogix 1769-l18er-bb1b FirmwareRockwellautomation Compactlogix 1769-l18erm-bb1b FirmwareRockwellautomation Compactlogix 1769-l24er-qb1b FirmwareRockwellautomation Compactlogix 1769-l24er-qbfc1b FirmwareRockwellautomation Compactlogix 1769-l27erm-qbfc1b FirmwareRockwellautomation Compactlogix 1769-l30er FirmwareRockwellautomation Compactlogix 1769-l30erm FirmwareRockwellautomation Compactlogix 1769-l30er-nse FirmwareRockwellautomation Compactlogix 1769-l33er FirmwareRockwellautomation Compactlogix 1769-l33erm FirmwareRockwellautomation Compactlogix 1769-l36erm FirmwareRockwellautomation Compactlogix 1769-l23e-qb1b FirmwareRockwellautomation Compactlogix 1769-l23e-qbfc1b FirmwareRockwellautomation Compactlogix 1756-en2f Series A FirmwareRockwellautomation Compactlogix 1756-en2f Series B FirmwareRockwellautomation Compactlogix 1756-en2t Series A FirmwareRockwellautomation Compactlogix 1756-en2t Series B FirmwareRockwellautomation Compactlogix 1756-en2t Series C FirmwareRockwellautomation Compactlogix 1756-en2t Series D FirmwareRockwellautomation Compactlogix 1756-en2tr Series A FirmwareRockwellautomation Compactlogix 1756-en2tr Series B Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook