Total
316156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | |||||
| CVE-2020-10620 | 1 Opto22 | 1 Softpac Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. | |||||
| CVE-2020-10619 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | |||||
| CVE-2020-10618 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. | |||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
| CVE-2020-10616 | 1 Opto22 | 1 Softpac Project | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. | |||||
| CVE-2020-10615 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. | |||||
| CVE-2020-10614 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display. | |||||
| CVE-2020-10613 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. | |||||
| CVE-2020-10612 | 1 Opto22 | 1 Softpac Project | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. | |||||
| CVE-2020-10611 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. | |||||
| CVE-2020-10610 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification. | |||||
| CVE-2020-10609 | 1 Grundfos | 1 Cim 500 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. | |||||
| CVE-2020-10608 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. | |||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
| CVE-2020-10606 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. | |||||
| CVE-2020-10605 | 1 Grundfos | 2 Cim 500, Cim 500 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. | |||||
| CVE-2020-10604 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. | |||||
| CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | |||||
| CVE-2020-10602 | 1 Pi | 1 Data Archive | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive. | |||||