ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted...
7.8CVSS
7.7AI Score
0.001EPSS
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST...
6.1CVSS
6.2AI Score
0.001EPSS
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST...
6.1CVSS
5.9AI Score
0.001EPSS
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when...
7.5CVSS
7.7AI Score
0.002EPSS