|
2381
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface.
This could allow an authenticated attacker who is author…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25786
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2382
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker w…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25787
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2383
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All version…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2025-40946
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2384
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…
|
CWE-78
OS Command
|
CVE-2025-40947
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2385
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…
|
CWE-88
Argument Injection
|
CVE-2025-40948
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2386
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1…
|
CWE-78
OS Command
|
CVE-2025-40949
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2387
|
7.1 |
HIGH
Network
|
-
|
-
|
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25789
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2388
|
7.7 |
HIGH
Local
|
-
|
-
|
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place.
This could allow an unauthenticated attacker to gain…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-27662
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2389
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized.
This could allow a remote …
|
CWE-23
Relative Path Traversal
|
CVE-2026-41551
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2390
|
6.0 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), bluepla…
|
CWE-89
SQL Injection
|
CVE-2026-41125
|
2026-05-12 23:19 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
