Vulnerabilities > Webhmi

DATE CVE VULNERABILITY TITLE RISK
2022-07-01 CVE-2022-2254 Cross-site Scripting vulnerability in Webhmi Firmware
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.
network
webhmi CWE-79
3.5
2022-07-01 CVE-2022-2253 OS Command Injection vulnerability in Webhmi Firmware
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.
network
low complexity
webhmi CWE-78
critical
9.0
2021-12-06 CVE-2021-43931 Improper Authentication vulnerability in Webhmi Firmware
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
network
low complexity
webhmi CWE-287
7.5
2021-12-06 CVE-2021-43936 Unrestricted Upload of File with Dangerous Type vulnerability in Webhmi Firmware 3.5/4.0
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
network
low complexity
webhmi CWE-434
critical
10.0