Vulnerabilities > Danfoss > AK SM 800A Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-08-21 CVE-2023-25913 Improper Authentication vulnerability in Danfoss Ak-Sm 800A Firmware 3.3
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
network
low complexity
danfoss CWE-287
7.5
7.5
2023-08-21 CVE-2023-25914 Path Traversal vulnerability in Danfoss Ak-Sm 800A Firmware 3.3
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface.
network
low complexity
danfoss CWE-22
7.5
7.5
2023-08-21 CVE-2023-25915 Unspecified vulnerability in Danfoss Ak-Sm 800A Firmware 3.3
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system.
network
low complexity
danfoss
critical
 9.8
9.8