|
254071
|
9.8 |
CRITICAL
Network
|
echelon
|
smartserver_1_firmware smartserver_2_firmware i.lon_100_firmware
|
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change s…
|
CWE-200
Information Exposure
|
CVE-2018-10627
|
2024-11-21 12:41 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254072
|
7.5 |
HIGH
Network
|
selinc
|
acselerator_architect
|
SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU util…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-10608
|
2024-11-21 12:41 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254073
|
8.8 |
HIGH
Network
|
selinc
|
sel_compass
|
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting…
|
CWE-276
Incorrect Default Permissions
|
CVE-2018-10604
|
2024-11-21 12:41 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254074
|
9.8 |
CRITICAL
Network
|
selinc
|
acselerator_architect
|
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in …
|
CWE-611
XXE
|
CVE-2018-10600
|
2024-11-21 12:41 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254075
|
9.8 |
CRITICAL
Network
|
aveva
|
intouch_machine_2017 indusoft_web_studio
|
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulner…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10620
|
2024-11-21 12:41 |
2018-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254076
|
7.8 |
HIGH
Local
|
abb
|
panel_builder_800
|
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
|
CWE-20
Improper Input Validation
|
CVE-2018-10616
|
2024-11-21 12:41 |
2018-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254077
|
6.8 |
MEDIUM
Physics
|
medtronic
|
n\'vision_8840_firmware n\'vision_8870_firmware
|
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the applic…
|
CWE-693
Protection Mechanism Failure
|
CVE-2018-10631
|
2024-11-21 12:41 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254078
|
9.8 |
CRITICAL
Network
|
universal-robots
|
cb3.1_firmware
|
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who ha…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2018-10635
|
2024-11-21 12:41 |
2018-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254079
|
9.8 |
CRITICAL
Network
|
universal-robots
|
cb3.1_firmware
|
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-10633
|
2024-11-21 12:41 |
2018-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254080
|
6.5 |
MEDIUM
Network
|
topdesk
|
topdesk
|
Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for reque…
|
CWE-352
Origin Validation Error
|
CVE-2018-10232
|
2024-11-21 12:41 |
2018-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|