Vulnerabilities > Sauter Controls > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-22300 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. | 6.1 |
| 2023-03-27 | CVE-2023-27927 | Cleartext Transmission of Sensitive Information vulnerability in Sauter-Controls Ey-As525F001 Firmware An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. | 6.5 |
| 2023-03-27 | CVE-2023-28650 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. | 6.1 |
| 2023-03-27 | CVE-2023-28652 | Unrestricted Upload of File with Dangerous Type vulnerability in Sauter-Controls Ey-As525F001 Firmware An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. | 6.5 |
| 2023-03-27 | CVE-2023-28655 | Cross-site Scripting vulnerability in Sauter-Controls Ey-As525F001 Firmware A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. | 5.4 |
| 2016-02-06 | CVE-2015-7916 | Cross-site Scripting vulnerability in Sauter-Controls Moduweb Vision 1.5 Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | 6.5 |