VYPR

SCADA

by Xarrow

CVEs (3)

  • CVE-2021-33021MedMay 16, 2022
    risk 0.40cvss 6.1epss 0.01

    xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.

  • CVE-2021-33001MedMay 16, 2022
    risk 0.40cvss 6.1epss 0.01

    xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.

  • CVE-2021-33025MedMay 16, 2022
    risk 0.36cvss 5.6epss 0.00

    xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.