Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
energy vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24119
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II prior to 8.3.0.
Ge Inet 900 Firmware
Ge Inet Ii 900 Firmware
Ge Sd1 Firmware
Ge Sd2 Firmware
Ge Sd4 Firmware
Ge Sd9 Firmware
Ge Td220max Firmware
Ge Td220x Firmware
4.3
CVSSv3
CVE-2018-11631
Rondaful M1 Wristband Smart Band 1 devices allow remote malicious users to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.
Rondaful Project Rondaful M1 Wristband Smart Band 1 Firmware -
NA
CVE-2014-4428
Bluetooth in Apple OS X prior to 10.10 does not require encryption for HID Low Energy devices, which allows remote malicious users to spoof a device by leveraging previous pairing.
Apple Mac Os X
NA
CVE-2024-23785
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a remote unauthenticated malicious user to change the product settings.
NA
CVE-2024-23789
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a network-adjacent unauthenticated malicious user to execute an arbitrary OS command on the affected product.
6.1
CVSSv3
CVE-2023-1051
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: prior to 23.03.10.
Askoc Web Report System
8.8
CVSSv3
CVE-2019-14920
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated malicious user to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
Billion Sg600 R2 Firmware 3.02
9.8
CVSSv3
CVE-2022-24117
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II prior to 8.3.0, SD prior to 6.4.7, TD220X prior to 2.0.16, and TD220MAX prior to 1.2.6.
Ge Inet 900 Firmware
Ge Inet Ii 900 Firmware
Ge Sd1 Firmware
Ge Sd2 Firmware
Ge Sd4 Firmware
Ge Sd9 Firmware
Ge Td220max Firmware
Ge Td220x Firmware
NA
CVE-2024-23783
Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and previous versions allows a network-adjacent unauthenticated malicious user to access the affected product without authentication.
9.8
CVSSv3
CVE-2023-1050
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.This issue affects Web Report System: prior to 23.03.10.
Askoc Web Report System
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »