Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas
An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulne
CVE-2025-41709
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device.
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay chan
An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service.
CVE-2024-41798
CRITICAL CVSS 9.3
Find Similar
A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with ac
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).
CVE-2025-58428
CRITICAL CVSS 9.4
Find Similar
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute syste
CVE-2025-13926
CRITICAL CVSS 9.3
Find Similar
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious inpu
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus
CVE-2024-40765
CRITICAL CVSS 9.8
Find Similar
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sendi
CVE-2024-11737
CRITICAL CVSS 9.3
Find Similar
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet i
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authen
CVE-2026-8037
CRITICAL CVSS 9.6
Find Similar
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting uns
A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
Page 1+ Next →