VYPR
Vendor: StoneFly

Products: 1
CVEs: 7
Across products: 7
Status: Private

Recent CVEs (7)
  • CVE-2026-56413 | Critical | Jun 30, 2026
    risk 0.65 | cvss 10.0 | epss

    Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted…

  • CVE-2026-56415 | Critical | Jun 30, 2026
    risk 0.65 | cvss 10.0 | epss

    Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input…

  • CVE-2026-55721 | Critical | Jun 30, 2026
    risk 0.60 | cvss 9.3 | epss

    Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to…

  • CVE-2026-50110 | Critical | Jun 30, 2026
    risk 0.60 | cvss 9.2 | epss

    Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of…

  • CVE-2024-30213 | High | Jul 12, 2024
    risk 0.58 | cvss 8.8 | epss 0.01

    StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution.

  • CVE-2026-50040 | Medium | Jun 30, 2026
    risk 0.40 | cvss 6.1 | epss

    Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting (XSS) due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute…

  • CVE-2024-31947 | Jul 12, 2024
    risk 0.00 | cvss | epss 0.01

    StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information.