Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-01 CVE-2016-4500 7PK - Security Features vulnerability in Moxa Uc-7408 Lx-Plus and Uc-7408 Lx-Plus Firmware
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
network
high complexity
moxa CWE-254
4.9
4.9
2016-06-01 CVE-2016-0288 XML External Entity Information Disclosure vulnerability in IBM Security AppScan
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
network
low complexity
ibm
4.0
4.0
2016-05-31 CVE-2016-4785 Information Exposure vulnerability in Siemens Siprotec Firmware 4.26
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02.
network
low complexity
siemens CWE-200
5.0
5.0
2016-05-31 CVE-2016-4784 Information Exposure vulnerability in Siemens Siprotec Firmware 4.26
A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20.
network
low complexity
siemens CWE-200
5.0
5.0
2016-05-31 CVE-2016-4506 Cross-Site Request Forgery (CSRF) vulnerability in Resourcedm Intuitive 650 TDB Controller
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. 		6.0
6.0
2016-05-31 CVE-2016-4502 Improper Access Control vulnerability in Envirosys ESC 8832 Data Controller
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.
network
low complexity
envirosys CWE-284
5.0
5.0
2016-05-31 CVE-2016-4501 Improper Access Control vulnerability in Envirosys ESC 8832 Data Controller
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors.
network
low complexity
envirosys CWE-284
6.4
6.4
2016-05-31 CVE-2016-2295 Information Exposure vulnerability in Moxa products
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.
network
low complexity
moxa CWE-200
5.0
5.0
2016-05-31 CVE-2016-2286 Improper Authentication vulnerability in Moxa products
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.
network
low complexity
moxa CWE-287
5.0
5.0
2016-05-31 CVE-2016-2285 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
network
moxa CWE-352
6.8
6.8