Search Results (365329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27463 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 5.3 Medium
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.
CVE-2021-27461 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 7.5 High
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs.
CVE-2021-27459 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 9.8 Critical
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code.
CVE-2021-27458 1 Jtekt 36 2port-efr Thu-6404, 2port-efr Thu-6404 Firmware, Fl\/et-t-v2h Thu-6289 and 33 more 2024-11-21 7.5 High
If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC10G-CPU TCC-6353: All versions, PC10GE TCC-6464: All versions, PC10P TCC-6372: All versions, PC10P-DP TCC-6726: All versions, PC10P-DP-IO TCC-6752: All versions, PC10B-P TCC-6373: All versions, PC10B TCC-1021: All versions, PC10B-E/C TCU-6521: All versions, PC10E TCC-4737: All versions; TOYOPUC-Plus Series: Plus CPU TCC-6740: All versions, Plus EX TCU-6741: All versions, Plus EX2 TCU-6858: All versions, Plus EFR TCU-6743: All versions, Plus EFR2 TCU-6859: All versions, Plus 2P-EFR TCU-6929: All versions, Plus BUS-EX TCU-6900: All versions; TOYOPUC-PC3J/PC2J Series: FL/ET-T-V2H THU-6289: All versions, 2PORT-EFR THU-6404: All versions) are left in an open state by an attacker, Ethernet communications cannot be established with other devices, depending on the settings of the link parameters.
CVE-2021-27457 1 Emerson 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more 2024-11-21 7.5 High
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
CVE-2021-27455 1 Deltaww 1 Dopsoft 2024-11-21 5.5 Medium
Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
CVE-2021-27454 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 7.8 High
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27453 1 Mesalabs 1 Amegaview 2024-11-21 7.3 High
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.
CVE-2021-27452 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27451 1 Mesalabs 1 Amegaview 2024-11-21 7.3 High
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device.
CVE-2021-27450 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27449 1 Mesalabs 1 Amegaview 2024-11-21 9.9 Critical
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server.
CVE-2021-27448 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27447 1 Mesalabs 1 Amegaview 2024-11-21 10 Critical
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.
CVE-2021-27445 1 Mesalabs 1 Amegaview 2024-11-21 7.8 High
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.
CVE-2021-27440 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 9.8 Critical
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27438 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 8.8 High
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27437 1 Advantech 1 Wise-paas\/rmm 2024-11-21 9.1 Critical
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
CVE-2021-27436 1 Advantech 1 Webaccess\/scada 2024-11-21 6.1 Medium
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
CVE-2021-27434 2 Microsoft, Unified-automation 2 .net Framework, .net Based Opc Ua Client\/server Sdk 2024-11-21 7.5 High
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.