Vulnerabilities in ICS-CERT

93 results
CVE-2019-6539Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitEPSS 2.1%CVE-2018-8843Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena SEPSS 2.0%CVE-2018-18992LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper sanitation, which may allow an attacker to execute EPSS 2.0%CVE-2018-7506The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may aEPSS 2.0%CVE-2019-6537Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings witEPSS 1.9%CVE-2019-6563Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, whEPSS 1.7%CVE-2019-6555Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may EPSS 1.7%CVE-2019-6520Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuEPSS 1.7%CVE-2017-5175Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within thEPSS 1.6%CVE-2018-14782NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration filEPSS 1.6%CVE-2019-6541A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code executioEPSS 1.6%CVE-2018-19008The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and earlier contain a vulnerability in the file parser of the Text Editor whEPSS 1.6%CVE-2018-19019A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specEPSS 1.5%CVE-2018-19015An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a EPSS 1.5%CVE-2018-7510In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords areEPSS 1.4%CVE-2018-7518In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the intEPSS 1.3%CVE-2019-6518Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.EPSS 1.2%CVE-2019-6533Registers used to store Modbus values can be read and written from the web interface without authentication in the PR100088 Modbus gateway vEPSS 1.2%CVE-2019-6561Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.EPSS 1.2%CVE-2019-6527PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the passworEPSS 1.2%