| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. |
| GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. |
| Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. |
| Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. |
| Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. |
| Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. |
| Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. |
| Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. |
| HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
|
| Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. |
| OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts. |
| A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands. |
| OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser. |
| OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. |
| OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files. |
| OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. |
| OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system. |
| OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands. |
| An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands. |
| OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries. |
