|
222961
|
5.9 |
MEDIUM
Network
|
br-automation
|
automation_studio
|
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and …
|
CWE-295
Improper Certificate Validation
|
CVE-2019-19101
|
2024-11-21 13:34 |
2020-04-29 |
|
222962
|
7.1 |
HIGH
Local
|
br-automation
|
automation_studio
|
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, < 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticate…
|
NVD-CWE-Other
|
CVE-2019-19100
|
2024-11-21 13:34 |
2020-04-29 |
|
222963
|
5.5 |
MEDIUM
Local
|
abb busch-jaeger
|
tg\/s3.2_firmware 6186\/11_firmware
|
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-19107
|
2024-11-21 13:34 |
2020-04-23 |
|
222964
|
9.1 |
CRITICAL
Network
|
abb busch-jaeger
|
tg\/s3.2_firmware 6186\/11_firmware
|
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing o…
|
NVD-CWE-Other
|
CVE-2019-19106
|
2024-11-21 13:34 |
2020-04-23 |
|
222965
|
5.5 |
MEDIUM
Local
|
abb busch-jaeger
|
tg\/s3.2_firmware 6186\/11_firmware
|
The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-19105
|
2024-11-21 13:34 |
2020-04-23 |
|
222966
|
9.8 |
CRITICAL
Network
|
abb busch-jaeger
|
tg\/s3.2_firmware 6186\/11_firmware
|
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific unifor…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-19104
|
2024-11-21 13:34 |
2020-04-23 |
|
222967
|
9.4 |
CRITICAL
Network
|
br-automation
|
automation_studio automation_runtime
|
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-19108
|
2024-11-21 13:34 |
2020-04-21 |
|
222968
|
6.1 |
MEDIUM
Network
|
northern.tech
|
cfengine
|
Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19394
|
2024-11-21 13:34 |
2020-04-17 |
|
222969
|
5.4 |
MEDIUM
Network
|
matrix42
|
workspace_management
|
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19390
|
2024-11-21 13:34 |
2020-04-16 |
|
222970
|
5.4 |
MEDIUM
Network
|
matrix42
|
workspace_management
|
Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19500
|
2024-11-21 13:34 |
2020-04-15 |