B&R Automation Security Vulnerabilities
Exploit for OS Command Injection in Dolibarr Dolibarr Erp\/Crm
CVE-2023-30253 Exploit Dolibarr...
7.5AI Score
0.005EPSS
n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3857032
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Automation.
Summary IBM Workload Automation has updated OpenSSL to address multiple vulnerabilities. (CVE-2023-2650, CVE-2023-0464, CVE-2023-0466, CVE-2023-0465). Vulnerability Details ** CVEID: CVE-2023-2650 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using...
7.6AI Score
0.003EPSS
VISAM Automation Base (VBASE) Web-Remote Detection
The VISAM Automation Base (VBASE) Web-Remote service, a web-based remote interface to VBASE, is running on the remote...
1.5AI Score
Rockwell Automation RSLinx Classic < 3.73.00 Buffer Overflow
The remote host has a version of RSLinx Classic installed that is prior to 3.73.00. It is, therefore, affected by an arbitrary code execution vulnerability due an overflow condition caused by improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted...
4.4AI Score
Rockwell Automation MicroLogix 1400 PLC Default Credentials
The remote device appears to be a Rockwell Automation MicroLogix 1400 PLC that can be accessed using default HTTP credentials. An attacker can exploit this to gain administrative access to the affected...
3.9AI Score
Rockwell Automation MicroLogix 1100 PLC Default Credentials
The remote device appears to be a Rockwell Automation MicroLogix 1100 PLC that can be accessed using default HTTP credentials. An attacker can utilize this to gain administrative access to the affected...
3.8AI Score
6.3AI Score
0.002EPSS
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this...
7.7AI Score
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...
5.6AI Score
0.0004EPSS
Exploit for Vulnerability in Cisco Ios Xe
CVE-2023-20273 CVE-2023-20273 Exploit PoC Usage ```...
7.4AI Score
0.026EPSS
Inductive Automation Ignition 8.x < 8.0.10 Multiple Vulnerabilities
The version of Inductive Automation Ignition running on the remote host is affected by multiple vulnerabilities : A denial of service (DoS) vulnerability exists due to an unprotected logging route when the Perspective Module is running. An unauthenticated, remote attacker can exploit...
2.3AI Score
Rockwell Automation RSLinx Classic < 4.11.00 Local Privilege Escalation
The remote host has a version of RSLinx Classic installed that is prior to 4.11.00. It is, therefore, affected by a local privilege escalation vulnerability where an authenticated attacker could modify a registry key, thiw could lead to the execution of malicious code usying system privileges when....
3.8AI Score
Rockwell Automation RSLinx Classic < 4.00.01 Local Privilege Escalation
The remote host has a version of RSLinx Classic installed that is prior to 4.00.01. It is, therefore, affected by a local privilege escalation vulnerability due to an unquoted path for a Windows service. A local attacker can gain elevated privileges by inserting an executable file in the path of...
4.4AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: goreleaser, melange, fq, tekton-chains, go-licenses, bom, kyverno-policy-reporter, slsa-verifier, fulcio, cfssl, external-dns, terragrunt, gitlab-kas, flux, crossplane, prometheus, dynamic-localpv-provisioner, weaviate, kubescape, sops, kubernetes-dashboard,...
7AI Score
0.962EPSS
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...
7AI Score
0.0005EPSS
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local...
7AI Score
0.0004EPSS
Threat landscape for industrial automation systems, Q1 2024
Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: fuse-overlayfs-snapshotter, goreleaser, bom, trust-manager, kubernetes-csi-external-snapshotter, aactl, external-dns, flux, prometheus, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, weaviate, kubernetes-dashboard, keda, aws-efs-csi-driver,...
7.5AI Score
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4CVSS
6.7AI Score
0.0004EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.3AI Score
0.0004EPSS
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...
9AI Score
0.837EPSS
Microsoft SQL Server Configuration Enumerator
This module will perform a series of configuration audits and security checks against a Microsoft SQL Server database. For this module to work, valid administrative user credentials must be...
7.9AI Score
r-b-a.ru Cross Site Scripting vulnerability OBB-3906108
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Rockwell Automation FactoryTalk Linx Path Traversal Information Disclosure
The Rockwell Automation FactoryTalk Linx running on the remote host is affected by a path traversal vulnerability due to the lack of validation of user-supplied file paths before using them in file operations. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to....
2.2AI Score
Rockwell Automation RSLinx Classic ENGINE.dll Stack Buffer Overflow
The RSLinx Classic running on the remote host is affected by a remote code execution vulnerability due to a stack buffer overflow condition when handling an EtherNet/IP message received on TCP port 44818. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message,.....
4.7AI Score
Arbitrary File Overwrite in Eclipse JGit
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...
8.8AI Score
0.001EPSS
6.5AI Score
0.019EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 The Dirty Pipe Vulnerability For educational...
8.2AI Score
0.076EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2278989...
6.4AI Score
0.0004EPSS
Rockwell Automation MicroLogix 1400 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1400 Programmable Logic Controller...
2.2AI Score
Rockwell Automation MicroLogix 1100 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1100 Programmable Logic Controller...
2.2AI Score
WebCTRL OEM <= 6.5 - Cross-Site Scripting
WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET...
6AI Score
0.014EPSS
CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...
7AI Score
0.0004EPSS
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local...
6AI Score
0.0004EPSS
7AI Score
0.001EPSS
7.4AI Score
0.019EPSS
Siemens Automation License Manager 5.x < 5.3.4.4 Multiple Vulnerabilities
The remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities : A user-input validation error exists that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is ...
4.2AI Score
Rockwell Automation RSLinx Classic <= 2.57.00.14 DoS (CVE-2020-13573)
The remote host has a version of RSLinx Classic installed that is prior or equal to 2.57.00.14. It is, therefore, potentially affected by a denial of service vulnerability in the Ethernet/IP server implementation. A remote, unauthenticated attacker could cause the device to crash by sending a...
3.6AI Score
VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without....
9.3AI Score
0.641EPSS
Exploit for OS Command Injection in Tp-Link Tl-Wr840N Firmware
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function...
10AI Score
0.012EPSS
Siemens Automation License Manager 6.x < 6.0.1 Directory Traversal
The version of Siemens Automation License Manager installed on the remote host is version 6.x prior to 6.0.1 and thus, is affected by a user-input validation error that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is required for this....
4.9AI Score
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local...
6.5AI Score
0.0004EPSS
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local...
4.7AI Score
0.0004EPSS
(RHSA-2024:3422) Important: linux-firmware security update
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): linux-firmware: hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635) linux-firmware: hw: intel: Improper access control for...
7AI Score
0.0004EPSS
Exploit for Inadequate Encryption Strength in Alpha-Innotec Heat Pumps Firmware
CVE-2024-22894 Downloaded the latest heatpump firmware...
7AI Score
0.001EPSS
r-toyota.co.jp Cross Site Scripting vulnerability OBB-3916414
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Home Assistant Supervisor - Authentication Bypass
Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older.....
9.7AI Score
0.034EPSS
7.3AI Score
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network...
5.3CVSS
6.6AI Score
0.0004EPSS