Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-13 | CVE-2016-3635 | Improper Access Control vulnerability in SAP Netweaver 7.40: SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | 7.5 |
2016-10-13 | CVE-2016-8565 | Improper Access Control vulnerability in Siemens Automation License Manager 5.3: Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | 9.1 |
2016-10-13 | CVE-2016-8564 | SQL Injection vulnerability in Siemens Automation License Manager 5.3: SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410. | 6.5 |
2016-10-13 | CVE-2016-8563 | Improper Input Validation vulnerability in Siemens Automation License Manager 5.3: Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. | 7.5 |
2016-10-13 | CVE-2016-7960 | Information Exposure vulnerability in Siemens Simatic Step 7: Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors. | 2.5 |
2016-10-13 | CVE-2016-7959 | 7PK - Security Features vulnerability in Siemens Simatic Step 7: Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | 4.7 |
2016-10-10 | CVE-2016-1000216 | OS Command Injection vulnerability in Ruckus Wireless H500: Ruckus Wireless H500 web management interface authenticated command injection | 8.8 |
2016-10-10 | CVE-2016-1000155 | Cross-site Scripting vulnerability in Wpsolr Wpsolr-Search-Engine 7.6: Reflected XSS in WordPress plugin wpsolr-search-engine v7.6 | 6.1 |
2016-10-10 | CVE-2016-1000154 | Cross-site Scripting vulnerability in Browserweb Whizz: Reflected XSS in WordPress plugin whizz v1.0.7 | 6.1 |
2016-10-10 | CVE-2016-1000153 | Cross-site Scripting vulnerability in Tidio-Gallery Project Tidio-Gallery 1.1: Reflected XSS in WordPress plugin tidio-gallery v1.1 | 6.1 |