2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-9333 — Moxa Softcms: The SoftCMS Application does not properly sanitize input that may allow a remote attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9333

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDMoxaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8567 — Siemens Sicam_pas\/pqs: A factory account with hard-coded passwords is present in the SICAM PAS installations.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDSiemensTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8379 — Moxa Iologik_e1200_series_firmware: An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8379

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, f CVSSv3.1 8.1 (HIGH)

VNDMoxaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8378 — Lynxspring Jenesys_bas_bridge: An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8378

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. CVSSv3.1 9.8 (CRITICAL)

CWECWE 255VNDLynxspringTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8377 — Fatek Plc_winproladder_firmware: A stack-based buffer overflow vulnerability exists when the software application connects to a malicious

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8377

An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution. CVSSv3.1 8.0 (HIGH)

CWECWE 119VNDFatekTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8372 — Moxa Iologik_e1200_series_firmware: An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8372

An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, f CVSSv3.1 8.1 (HIGH)

CWECWE 255VNDMoxaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8369 — Lynxspring Jenesys_bas_bridge: The application does not sufficiently verify if a request was intentionally provided by the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8369

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDLynxspringTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8368 — Mitsubishielectric Qj71e71-100_firmware: The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8368

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock. CVSSv3.1 8.6 (HIGH)

CWECWE 662VNDMitsubishielectricVNDMitsubishiTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8364 — Ibhsoftec S7-softplc: Object memory can read a network packet that is larger than the space that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8364

An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDIbhsoftecTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8363 — Moxa Oncellg3470a-lte_firmware: An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8363

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. CVSSv3.1 10.0 (CRITICAL)

CWECWE 264VNDMoxaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8361 — Lynxspring Jenesys_bas_bridge: The application uses a hard-coded username with no password allowing an attacker into the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8361

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. CVSSv3.1 8.6 (HIGH)

CWECWE 798VNDLynxspringTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8360 — Moxa Softcms: A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8360

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. CVSSv3.1 8.1 (HIGH)

CWECWE 415VNDMoxaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-8356 — Kabona_ab Webdatorcentral: The web server URL inputs are not sanitized correctly, which may allow cross-site scripting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8356

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. CVSSv3.1 8.2 (HIGH)

CWECWE 79VNDKabona AbVNDKabonaTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8352 — Schneider-electric Connexium_firmware: A stack-based buffer overflow can be triggered during the SNMP login authentication process that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8352

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. CVSSv3.1 10.0 (CRITICAL)

CWECWE 119VNDSchneider ElectricVNDSchneiderTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8348 — Emerson Liebert_sitescan_web: An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8348

An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. CVSSv3.1 9.8 (CRITICAL)

CWECWE 611VNDEmersonTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8347 — Kabona_ab Webdatorcentral: WDC does not limit authentication attempts that may allow a brute force attack method.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8347

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDKabona AbVNDKabonaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-8341 — Ecava Integraxor: The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8341

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDEcavaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-5818 — Schneider-electric Powerlogic_pm8ecc_firmware: Undocumented hard-coded credentials allow access to the device.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5818

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDSchneider ElectricVNDSchneiderTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
CRIT

CVE-2016-5815 — Schneider-electric Ion5000: An unauthorized user can access the device management portal and make configuration changes.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5815

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDSchneider ElectricVNDSchneiderTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-5809 — Schneider-electric Ion5000: There is no CSRF Token generated to authenticate the user during a session.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5809

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDSchneider ElectricVNDSchneiderTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-5803 — Ca_technologies Unified_infrastructure_management: An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5803

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. CVSSv3.1 8.6 (HIGH)

CWECWE 22VNDCa TechnologiesTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-5796 — Fatek Automation_fv_designer: Sending additional valid packets could allow the attacker to cause a crash or to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5796

An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDFatekTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-13
2017-02-13 21:59Z
HIGH

CVE-2016-5782 — Locusenergy Lgate_firmware: An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5782

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request. CVSSv3.1 8.6 (HIGH)

CWECWE 20VNDLocusenergyVNDLocusTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-13
2017-02-13 18:59Z
CRIT

CVE-2016-8859 — Etalabs Musl: Multiple integer overflows in the TRE library and musl libc allow attackers to cause

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8859

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDEtalabsVNDTreTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 18:59Z
CRIT

CVE-2016-7565 — Exponentcms Exponent_cms: install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7565

install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDExponentcmsVNDExponentTYPVulnerability
9.8
CVSS v3.1
99
Edit Score