Vulnerabilities > Danfoss

DATE CVE VULNERABILITY TITLE RISK
2023-08-21 CVE-2023-25913 Improper Authentication vulnerability in Danfoss Ak-Sm 800A Firmware
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
network
low complexity
danfoss CWE-287
7.5
7.5
2023-08-21 CVE-2023-25914 Path Traversal vulnerability in Danfoss Ak-Sm 800A Firmware
Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.
network
low complexity
danfoss CWE-22
7.5
7.5
2023-08-21 CVE-2023-25915 Unspecified vulnerability in Danfoss Ak-Sm 800A Firmware
Due to improper input validation, a remote attacker could execute arbitrary commands on the target system.
network
low complexity
danfoss
critical
 9.8
9.8
2023-06-11 CVE-2023-22582 Cross-site Scripting vulnerability in Danfoss Ak-Em100 Firmware
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.
network
low complexity
danfoss CWE-79
6.1
6.1
2023-06-11 CVE-2023-22583 SQL Injection vulnerability in Danfoss Ak-Em100 Firmware
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.
network
low complexity
danfoss CWE-89
critical
 9.8
9.8
2023-06-11 CVE-2023-22584 Cleartext Storage of Sensitive Information vulnerability in Danfoss Ak-Em100 Firmware
The Danfoss AK-EM100 stores login credentials in cleartext.
network
low complexity
danfoss CWE-312
7.5
7.5
2023-06-11 CVE-2023-22585 Cross-site Scripting vulnerability in Danfoss Ak-Em100 Firmware
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.
network
low complexity
danfoss CWE-79
6.1
6.1
2023-06-11 CVE-2023-22586 Information Exposure vulnerability in Danfoss Ak-Em100 Firmware
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
network
low complexity
danfoss CWE-200
7.5
7.5
2023-06-11 CVE-2023-25911 Command Injection vulnerability in Danfoss Ak-Em100 Firmware
The Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters.
network
low complexity
danfoss CWE-77
critical
 9.8
9.8
2023-06-11 CVE-2023-25912 Information Exposure vulnerability in Danfoss Ak-Em100 Firmware
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
network
low complexity
danfoss CWE-200
5.3
5.3