ICS Advisories
by Cisagov
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41084 | | Cri | 0.65 | 10.0 | 0.01 | | Sep 18, 2023 | Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. |
| CVE-2022-2197 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 30, 2022 | By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. |
| CVE-2022-2103 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 24, 2022 | An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. |
| CVE-2021-38477 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 22, 2021 | There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files. |
| CVE-2022-1521 | | Cri | 0.59 | 9.1 | 0.01 | | Jun 24, 2022 | LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. |
| CVE-2021-42536 | | Hig | 0.52 | 8.0 | 0.01 | | Oct 22, 2021 | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. |
| CVE-2023-39452 | | Hig | 0.49 | 7.5 | 0.01 | | Sep 18, 2023 | The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. |
| CVE-2022-1704 | | Hig | 0.49 | 7.6 | 0.01 | | Aug 5, 2022 | Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup. |
| CVE-2021-38455 | | Hig | 0.48 | 7.3 | 0.01 | | Oct 22, 2021 | The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. |
| CVE-2023-50703 | | Med | 0.41 | 6.3 | 0.00 | | Dec 20, 2023 | An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. |
| CVE-2021-42699 | | Med | 0.37 | 5.7 | 0.00 | | Nov 5, 2021 | The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. |
| CVE-2020-14479 | | Med | 0.35 | 5.3 | 0.01 | | Apr 1, 2022 | Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server |
| CVE-2022-2137 | | Med | 0.32 | 4.9 | 0.01 | | Jul 22, 2022 | The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information |