Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karn ganeshen vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-6473
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
Wago 750-849 Firmware 01.01.27
Wago 758-870 Firmware 01.01.27
Wago 758-870 Firmware 01.02.05
7.8
CVSSv3
CVE-2017-7968
An Incorrect Default Permissions issue exists in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manip...
Schneider-electric Wonderware Indusoft Web Studio
8.8
CVSSv3
CVE-2015-7924
eWON devices with firmware prior to 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ewon Ewon Firmware
8
CVSSv3
CVE-2015-7925
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware up to and including 10.1s0 allows remote malicious users to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.
Ewon Ewon Firmware
8.5
CVSSv3
CVE-2015-7928
eWON devices with firmware prior to 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ewon Ewon Firmware
9.9
CVSSv3
CVE-2015-7926
eWON devices with firmware prior to 10.1s0 omit RBAC for I/O server information and status requests, which allows remote malicious users to obtain sensitive information via an unspecified URL.
Ewon Ewon Firmware
4.3
CVSSv3
CVE-2015-7929
eWON devices with firmware up to and including 10.1s0 support unspecified GET requests, which might allow remote malicious users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Ewon Ewon Firmware
8
CVSSv3
CVE-2016-5789
A Cross-site Request Forgery issue exists in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
Jantek Jtc-200 Firmware
7.2
CVSSv3
CVE-2017-5161
An issue exists in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerabi...
Sielcosistemi Winlog Lite
Sielcosistemi Winlog Pro
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4