Danfoss
Products (2)
- 3 CVEs
- 3 CVEs
Recent CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-41451 | | Hig | 0.57 | — | 0.01 | | Aug 22, 2025 | Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system. |
| CVE-2025-41450 | | Hig | 0.53 | 8.2 | 0.00 | | May 8, 2025 | Improper Authentication vulnerability in Danfoss AKSM8xxA Series. This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2. |
| CVE-2025-41452 | | Med | 0.44 | — | 0.00 | | Aug 22, 2025 | Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions. |
| CVE-2023-25913 | | | 0.00 | — | 0.00 | | Aug 21, 2023 | Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. |
| CVE-2023-25914 | | | 0.00 | — | 0.00 | | Aug 21, 2023 | Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise. |
| CVE-2023-25915 | | | 0.00 | — | 0.01 | | Aug 21, 2023 | Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. |