2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2984 — Adobe Flash_player: Successful exploitation could lead to arbitrary code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2984

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 787VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
HIGH

CVE-2017-2982 — Adobe Flash_player: Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2982

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDAdobeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-15
2017-02-15 06:59Z
CRIT

CVE-2017-2973 — Adobe Digital_editions: Successful exploitation could lead to arbitrary code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2973

Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAdobeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-15
2017-02-15 06:59Z
CRIT

CVE-2017-2968 — Adobe Campaign: versions 16.4 Build 8724 and earlier have a code injection vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2968

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. CVSSv3.1 9.1 (CRITICAL)

CWECWE 94VNDAdobeTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-13
2017-02-13 22:59Z
HIGH

CVE-2017-5149 — Abbott Merlin\@home_firmware: This may allow a man-in-the-middle attacker to access or influence communications between the identified

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5149

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. CVSSv3.1 8.9 (HIGH)

CWECWE 476VNDAbbottTYPVulnerability
8.9
CVSS v3.1
95
Edit Score
2017-02-13
2017-02-13 22:59Z
HIGH

CVE-2016-8358 — Smiths-medical Cadd-solis_medication_safety_software: The affected software does not verify the identities at communication endpoints, which may allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8358

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints. CVSSv3.1 8.5 (HIGH)

CWECWE 346VNDSmiths MedicalVNDSmithsTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 22:59Z
CRIT

CVE-2016-8355 — Smiths-medical Cadd-solis_medication_safety_software: CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8355

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. CVSSv3.1 9.9 (CRITICAL)

CWECWE 306VNDSmiths MedicalVNDSmithsTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2017-5167 — Binom3 Universal_multifunctional_electric_power_quality_meter_firmware: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5167

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords. CVSSv3.1 8.6 (HIGH)

CWECWE 798VNDBinom3TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5166 — Binom3 Universal_multifunctional_electric_power_quality_meter_firmware: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5166

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDBinom3TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5162 — Binom3 Universal_multifunctional_electric_power_quality_meter_firmware: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5162

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration. CVSSv3.1 9.8 (CRITICAL)

CWECWE 306VNDBinom3TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5159 — Phoenixcontact Mguard_firmware: An issue was discovered on Phoenix Contact mGuard devices that have been updated to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5159

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value. CVSSv3.1 9.8 (CRITICAL)

CWECWE 99VNDPhoenixcontactVNDPhoenixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5154 — Advantech Webaccess: To be able to exploit the SQL injection vulnerability, an attacker must supply malformed

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5154

An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDAdvantechTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5152 — Advantech Webaccess: By accessing a specific uniform resource locator (URL) on the web server, a malicious

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5152

An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). CVSSv3.1 9.1 (CRITICAL)

CWECWE 287VNDAdvantechTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5145 — Carlosgavazzi Vmu-c_em_firmware: Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5145

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration. CVSSv3.1 10.0 (CRITICAL)

CWECWE 352VNDCarlosgavazziVNDCarloTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5144 — Carlosgavazzi Vmu-c_em_firmware: The access control flaw allows access to most application functions without authentication.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5144

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication. CVSSv3.1 9.8 (CRITICAL)

VNDCarlosgavazziVNDCarloTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2017-5143 — Honeywell Xl_web_ii_controller: A user without authenticating can make a directory traversal attack by accessing a specific

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5143

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL. CVSSv3.1 8.6 (HIGH)

CWECWE 22VNDHoneywellTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5142 — Honeywell Xl_web_ii_controller: An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5142

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management. CVSSv3.1 9.1 (CRITICAL)

CWECWE 269VNDHoneywellTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5140 — Honeywell Xl_web_ii_controller: An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5140

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. CVSSv3.1 9.8 (CRITICAL)

CWECWE 522VNDHoneywellTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2017-5139 — Honeywell Xl_web_ii_controller: An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5139

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password. CVSSv3.1 9.8 (CRITICAL)

CWECWE 522VNDHoneywellTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-9369 — Moxa Nport_5100_series_firmware: Firmware can be updated over the network without authentication, which may allow remote code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9369

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDMoxaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-9366 — Moxa Nport_5100_series_firmware: An attacker can freely use brute force to determine parameters needed to bypass authentication.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9366

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDMoxaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-9365 — Moxa Nport_5100_series_firmware: Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9365

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDMoxaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-9362 — Wago Pfc200_firmware: An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9362

An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating. CVSSv3.1 9.1 (CRITICAL)

CWECWE 287VNDWagoTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-9361 — Moxa Nport_5100_series_firmware: An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9361

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPor CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDMoxaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-9343 — Rockwellautomation Softlogix_5800_controller_firmware: By sending malformed common industrial protocol (CIP) packet, an attacker may be able to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9343

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service. CVSSv3.1 10.0 (CRITICAL)

CWECWE 787VNDRockwellautomationVNDRockwellTYPVulnerability
10.0
CVSS v3.1
100
Edit Score