βΌ CVE-2022-0223 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32526 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32517 βΌ
π Read
via "National Vulnerability Database".
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32525 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32519 βΌ
π Read
via "National Vulnerability Database".
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32521 βΌ
π Read
via "National Vulnerability Database".
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32529 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32518 βΌ
π Read
via "National Vulnerability Database".
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2023-22389 βΌ
π Read
via "National Vulnerability Database".
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/RestoreΓ’β¬β>Backup Settings, which could be read by any user accessing the file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32520 βΌ
π Read
via "National Vulnerability Database".
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32512 βΌ
π Read
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32523 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-22732 βΌ
π Read
via "National Vulnerability Database".
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)π Read
via "National Vulnerability Database".
βΌ CVE-2023-23582 βΌ
π Read
via "National Vulnerability Database".
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32515 βΌ
π Read
via "National Vulnerability Database".
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: ConextΓ’βΒ’ ComBox (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2022-45897 βΌ
π Read
via "National Vulnerability Database".
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48175 βΌ
π Read
via "National Vulnerability Database".
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48176 βΌ
π Read
via "National Vulnerability Database".
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32527 βΌ
π Read
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32528 βΌ
π Read
via "National Vulnerability Database".
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)π Read
via "National Vulnerability Database".
βΌ CVE-2022-32747 βΌ
π Read
via "National Vulnerability Database".
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxureΓ’βΒ’ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)π Read
via "National Vulnerability Database".