Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
energy vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-20957
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices prior to 2018-06-12 allows replay attacks.
Tapplock One\\+ Firmware
9.8
CVSSv3
CVE-2022-24116
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II prior to 8.3.0.
Ge Inet 900 Firmware
Ge Inet Ii 900 Firmware
Ge Sd1 Firmware
Ge Sd2 Firmware
Ge Sd4 Firmware
Ge Sd9 Firmware
Ge Td220max Firmware
Ge Td220x Firmware
8.8
CVSSv3
CVE-2022-29490
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA...
Hitachienergy Microscada X Sys600
4.6
CVSSv3
CVE-2022-24120
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II prior to 8.3.0.
Ge Inet 900 Firmware
Ge Inet Ii 900 Firmware
Ge Sd1 Firmware
Ge Sd2 Firmware
Ge Sd4 Firmware
Ge Sd9 Firmware
Ge Td220max Firmware
Ge Td220x Firmware
7.5
CVSSv3
CVE-2022-29492
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. Thi...
Hitachienergy Microscada X Sys600
7.5
CVSSv3
CVE-2022-29922
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-o...
Hitachienergy Microscada X Sys600
8.8
CVSSv3
CVE-2022-45089
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: prior to 23.01.01.
Gruparge Smartpower Web
8.8
CVSSv3
CVE-2022-45090
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: prior to 23.01.01.
Gruparge Smartpower Web
9.8
CVSSv3
CVE-2021-37291
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
Kevinlab 4st L-bems 1.0.0
6.5
CVSSv3
CVE-2021-37293
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
Kevinlab 4st L-bems 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »