Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
scada vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-16672
An issue exists in CIRCONTROL CirCarLife prior to 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
Circontrol Circarlife Scada
7.2
CVSSv3
CVE-2023-22450
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an malicious user to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
Advantech Webaccess\\/scada
6.1
CVSSv3
CVE-2021-32989
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
Lcds Laquis Scada
9.8
CVSSv3
CVE-2023-4485
ARDEREG ?Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the data...
Ardereg Sistemas Scada
7.5
CVSSv3
CVE-2018-12635
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
Circontrol Scada 4.2.4
5.3
CVSSv3
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.
Lcds Laquis Scada
1 EDB exploit
9.8
CVSSv3
CVE-2017-12707
A Stack-based Buffer Overflow issue exists in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.
Spidercontrol Scada Microbrowser
8.8
CVSSv3
CVE-2018-18988
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
Lcds Laquis Scada
6.1
CVSSv3
CVE-2018-18991
Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions before 2.03.0001) could allow an malicious user to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser.
Spidercontrol Scada Webserver
8.8
CVSSv3
CVE-2018-18992
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an malicious user to execute remote code on the server.
Lcds Laquis Scada
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »