Tag
#vulnerability
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: CNC Series Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Mitsubishi Electric products are affected: M800VW (BND-2051W000-**): All versions M800VS (BND-2052W000-**): All versions M80V (BND-2053W000-**): All versions M80VW (BND-2054W000-**): All versions M800W (BND-2005W000-**): All versions M800S (BND-2006W000-**): All versions M80 (BND-2007W000-**): All versions M80W (BND-2008W000-**): All versions E80 (BND-2009W000-**): All versions C80 (BND-2036W000-**): All versions M750VW (BND-1015W002-**): All versions M730VW/M720VW (BND-1015W000-**): All versions M750VS (BND-1012W002-**): All versions M730VS/M720VS (BND-1012W000-**...
1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to steal cookies, inject arbitrary code, or perform unauthorized actions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of LAquis SCADA, an HMI program, are affected: LAquis SCADA: Version 4.7.1.511 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions. CVE-2024-9414 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; ...
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kieback&Peter Equipment: DDC4000 Series Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Kieback&Peter DDC4000 series products are affected: DDC4002 : Versions 1.12.14 and prior DDC4100 : Versions 1.7.4 and prior DDC4200 : Versions 1.12.14 and prior DDC4200-L : Versions 1.12.14 and prior DDC4400 : Versions 1.12.14 and prior DDC4002e : Versions 1.17.6 and prior DDC4200e : Versions 1.17.6 and prior DDC4400e : Versions 1.17.6 and prior DDC4020e : Versions 1.17.6 and prior DDC4040e : Versions 1.17.6 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22 The a...
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Networks Equipment: EWON FLEXY 202 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of EWON FLEXY 202, an industrial modular gateway, are affected: EWON FLEXY 202: Firmware Version 14.2s0 3.2 Vulnerability Overview 3.2.1 CWE-522: Insufficiently Protected Credentials The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. An attacker who is present in the network can sniff the traffic and decode the credentials. CVE-2024-7755 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). CVE-2024-7755 has been assigned to this ...
Security researchers created an algorithm that turns a malicious prompt into a set of hidden instructions that could send a user's personal information to an attacker.
**What is the version information for this release?**

| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 130.0.2849.46 | 10/17/2024 | 130.0.6723.59 |
**According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:N). What does that mean for this vulnerability?** There is limited impact to Confidentiality and Integrity and no Availability impact from exploiting this vulnerability. An attacker would need to combine this with other vulnerabilities to perform an attack.
**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.