CVE-2025-41013 - SQL injection vulnerability in TCMAN GIM
CVE ID : CVE-2025-41013
Published : Dec. 2, 2025, 1:13 p.m. | 23 minutes ago
Description : SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41013
Published : Dec. 2, 2025, 1:13 p.m. | 23 minutes ago
Description : SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11778 - Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11778
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11778
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11779 - Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11779
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11779
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11780 - Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11780
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the “meter” parameter.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11780
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the “meter” parameter.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11781 - Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11781
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11781
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11782 - Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11782
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11782
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload()' function uses “sprintf()” to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack_4c' (64 bytes) without checking the length. An attacker can provide an excessively long value for the 'meter' parameter that exceeds the 64-byte buffer size.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11783 - Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11783
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11783
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent()' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in possible remote code execution.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11784 - Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11784
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11784
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterDatabase()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11785 - Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11785
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11785
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11786 - Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11786
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11786
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'SetUserPassword()' function, the 'newPassword' parameter is directly embedded in a shell command string using 'sprintf()' without any sanitisation or validation, and then executed using 'system()'. This allows an attacker to inject arbitrary shell commands that will be executed with the same privileges as the application.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11787 - Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11787
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11787
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS()', 'CheckPing()' and 'TraceRoute()' functions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11788 - Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11788
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11788
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowSupervisorParameters()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the 'meter' parameter.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11789 - Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50
CVE ID : CVE-2025-11789
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11789
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the parameter is too large, it will access memory beyond the limits.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12465 - Blind SQL Injection in QuickCMS
CVE ID : CVE-2025-12465
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12465
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13879 - Directory traversal vulnerability in EfficientIP's SOLIDserver IPAM
CVE ID : CVE-2025-13879
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13879
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40700 - Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon
CVE ID : CVE-2025-40700
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40700
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41012 - Unauthorized access vulnerability in TCMAN GIM
CVE ID : CVE-2025-41012
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41012
Published : Dec. 2, 2025, 1:15 p.m. | 21 minutes ago
Description : Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41014 - User Enumeration vulnerability in TCMAN GIM
CVE ID : CVE-2025-41014
Published : Dec. 2, 2025, 1:18 p.m. | 18 minutes ago
Description : User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41014
Published : Dec. 2, 2025, 1:18 p.m. | 18 minutes ago
Description : User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41015 - User Enumeration vulnerability in TCMAN GIM
CVE ID : CVE-2025-41015
Published : Dec. 2, 2025, 1:18 p.m. | 18 minutes ago
Description : User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41015
Published : Dec. 2, 2025, 1:18 p.m. | 18 minutes ago
Description : User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41086 - Authorization bypass in GAMS from GAMS Development Corp.
CVE ID : CVE-2025-41086
Published : Dec. 2, 2025, 1:22 p.m. | 14 minutes ago
Description : Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41086
Published : Dec. 2, 2025, 1:22 p.m. | 14 minutes ago
Description : Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59694 - Entrust nShield Connect XC, nShield 5c, and nShield HSMi Firmware Persistence Vulnerability
CVE ID : CVE-2025-59694
Published : Dec. 2, 2025, 3:15 p.m. | 2 hours, 21 minutes ago
Description : The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59694
Published : Dec. 2, 2025, 3:15 p.m. | 2 hours, 21 minutes ago
Description : The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...