Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-24 | CVE-2015-7931 | Improper Input Validation vulnerability in Adcon A840 Telemetry Gateway Base Station Firmware The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | 8.7 |
| 2015-12-23 | CVE-2015-7928 | Information Exposure vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 8.5 |
| 2015-12-23 | CVE-2015-7925 | Cross-Site Request Forgery (CSRF) vulnerability in Ewon Firmware 10.0S0 Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot. | 8.0 |
| 2015-12-23 | CVE-2015-7924 | Unspecified vulnerability in Ewon Firmware 10.0S0 eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 8.8 |
| 2015-12-23 | CVE-2015-7936 | Cross-Site Request Forgery (CSRF) vulnerability in Motorola Moscad IP Gateway Firmware Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. | 7.5 |
| 2015-12-23 | CVE-2015-7935 | Information Exposure vulnerability in Motorola Moscad IP Gateway Firmware Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2015-12-23 | CVE-2015-7917 | Unspecified vulnerability in Opcsystems OPC Systems.Net 8.00.0023 Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.2 |
| 2015-12-21 | CVE-2015-4545 | Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | 8.0 |
| 2015-12-21 | CVE-2015-7907 | Path Traversal vulnerability in Honeywell Midas Black Firmware and Midas Firmware Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | 8.6 |
| 2015-12-21 | CVE-2015-6481 | Unspecified vulnerability in Moxa Oncell Central Manager 2.0 The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | 8.3 |