The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
An unauthenticated remote attacker can gain limited information of the PLC network but the user management of the PLCs prevents the actual access to the PLCs.
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configura
An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
An unauthenticated remote attacker can access a URL which causes the device to reboot.
An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
By default, the Packet Power Monitoring and Control Web Interface do not
enforce authentication mechanisms. This vulnerability could allow
unauthorized users to access and manipulate monitoring and
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.
Unitronics Vision PLC –
CWE-676: Use of Potentially Dangerous Function may allow security feature bypass
Improper control of framework service permissions with possibility of some sensitive device information leakage.
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validat
Page 1+ Next →