Sec Consult
Products
3- 5 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27183 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. | ||
| CVE-2020-27179 | Cri | 0.64 | 9.8 | 0.01 | Oct 27, 2020 | konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. | ||
| CVE-2025-48416 | Hig | 0.53 | 8.1 | 0.01 | May 21, 2025 | An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This… | ||
| CVE-2018-19233 | Hig | 0.51 | 7.8 | 0.01 | Dec 20, 2018 | COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. | ||
| CVE-2025-48413 | Hig | 0.50 | 7.7 | 0.00 | May 21, 2025 | The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to… | ||
| CVE-2020-27180 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | ||
| CVE-2025-48417 | Med | 0.42 | 6.5 | 0.00 | May 21, 2025 | The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against… | ||
| CVE-2025-48414 | Med | 0.42 | 6.5 | 0.00 | May 21, 2025 | There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack… | ||
| CVE-2025-48415 | Med | 0.40 | 6.2 | 0.00 | May 21, 2025 | A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or… | ||
| CVE-2020-27182 | Med | 0.40 | 6.1 | 0.01 | Oct 27, 2020 | Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form. |
- risk 0.64cvss 9.8epss 0.01
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.
- risk 0.64cvss 9.8epss 0.01
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.
- risk 0.53cvss 8.1epss 0.01
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This…
- risk 0.51cvss 7.8epss 0.01
COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.
- risk 0.50cvss 7.7epss 0.00
The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to…
- risk 0.49cvss 7.5epss 0.01
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
- risk 0.42cvss 6.5epss 0.00
The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against…
- risk 0.42cvss 6.5epss 0.00
There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack…
- risk 0.40cvss 6.2epss 0.00
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or…
- risk 0.40cvss 6.1epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.