Vulnerabilities > Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-8478 Injection vulnerability in ABB Base Software, MMS Server and OPC Server
Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder.
local
low complexity
abb CWE-74
3.3
3.3
2020-04-28 CVE-2018-21208 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
low complexity
netgear CWE-74
8.8
8.8
2020-04-28 CVE-2017-18863 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command execution via a PHP form.
local
low complexity
netgear CWE-74
7.1
7.1
2020-04-24 CVE-2018-21228 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-74
6.8
6.8
2020-04-24 CVE-2018-21227 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an authenticated user.
low complexity
netgear CWE-74
6.8
6.8
2020-04-23 CVE-2017-18737 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
low complexity
netgear CWE-74
8.8
8.8
2020-04-23 CVE-2017-18736 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
low complexity
netgear CWE-74
8.8
8.8
2020-04-23 CVE-2017-18735 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
low complexity
netgear CWE-74
8.8
8.8
2020-04-23 CVE-2017-18734 Injection vulnerability in Netgear products
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.
low complexity
netgear CWE-74
8.8
8.8
2020-04-22 CVE-2020-7489 Injection vulnerability in Schneider-Electric products
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification).
network
low complexity
schneider-electric CWE-74
critical
 9.8
9.8