Vulnerabilities > Piigab > M BUS 900S Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-07-07 CVE-2023-32652 Cross-site Scripting vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.
network
low complexity
piigab CWE-79
6.1
6.1
2023-07-07 CVE-2023-34433 Use of Password Hash With Insufficient Computational Effort vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus stores passwords using a weak hash algorithm.
network
low complexity
piigab CWE-916
critical
 9.8
9.8
2023-07-07 CVE-2023-34995 Weak Password Requirements vulnerability in Piigab M-Bus 900S Firmware
There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.
network
low complexity
piigab CWE-521
critical
 9.8
9.8
2023-07-07 CVE-2023-35120 Cross-Site Request Forgery (CSRF) vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus is vulnerable to cross-site request forgery.
network
low complexity
piigab CWE-352
8.8
8.8
2023-07-07 CVE-2023-35765 Unprotected Storage of Credentials vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
network
low complexity
piigab CWE-256
6.5
6.5
2023-07-06 CVE-2023-31277 Unprotected Transport of Credentials vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus transmits credentials in plaintext format.
network
low complexity
piigab CWE-523
7.5
7.5
2023-07-06 CVE-2023-33868 Improper Restriction of Excessive Authentication Attempts vulnerability in Piigab M-Bus 900S Firmware
The number of login attempts is not limited.
network
low complexity
piigab CWE-307
critical
 9.8
9.8
2023-07-06 CVE-2023-35987 Use of Hard-coded Credentials vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus contains hard-coded credentials which it uses for authentication.
network
low complexity
piigab CWE-798
critical
 9.8
9.8
2023-07-06 CVE-2023-36859 Code Injection vulnerability in Piigab M-Bus 900S Firmware
PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.
network
low complexity
piigab CWE-94
critical
 9.8
9.8