Search Results (83076 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-7854 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-11-21 7.5 High
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
CVE-2018-7853 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-11-21 7.5 High
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
CVE-2018-7849 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-11-21 7.5 High
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.
CVE-2018-7834 1 Schneider-electric 2 Tsxetg100, Tsxetg100 Firmware 2024-11-21 N/A
A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user.
CVE-2018-7833 1 Schneider-electric 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more 2024-11-21 N/A
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable
CVE-2018-7831 1 Schneider-electric 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more 2024-11-21 N/A
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.
CVE-2018-7827 1 Schneider-electric 118 D6220, D6220 Firmware, D6220l and 115 more 2024-11-21 N/A
A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.
CVE-2018-7826 1 Schneider-electric 118 D6220, D6220 Firmware, D6220l and 115 more 2024-11-21 N/A
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.
CVE-2018-7825 1 Schneider-electric 118 D6220, D6220 Firmware, D6220l and 115 more 2024-11-21 N/A
A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.
CVE-2018-7815 1 Schneider-electric 1 Guicon 2024-11-21 N/A
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file
CVE-2018-7814 1 Schneider-electric 1 Guicon 2024-11-21 N/A
A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file
CVE-2018-7813 1 Schneider-electric 1 Guicon 2024-11-21 N/A
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file
CVE-2018-7810 1 Schneider-electric 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more 2024-11-21 N/A
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.
CVE-2018-7803 1 Schneider-electric 1 Triconex Tristation Emulator 2024-11-21 N/A
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.
CVE-2018-7800 1 Schneider-electric 2 Evlink Parking, Evlink Parking Firmware 2024-11-21 N/A
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.
CVE-2018-7786 1 Schneider-electric 1 U.motion Builder 2024-11-21 N/A
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.
CVE-2018-7785 1 Schneider-electric 1 U.motion Builder 2024-11-21 N/A
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
CVE-2018-7757 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2024-11-21 N/A
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
CVE-2018-7747 1 Calderalabs 1 Caldera Forms 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
CVE-2018-7746 1 Cobub 1 Razor 2024-11-21 8.8 High
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.