Vulnerabilities > Weidmueller
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-3073 | Cross-site Scripting vulnerability in Weidmueller products Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to e.g. | 6.1 |
| 2021-06-25 | CVE-2021-33528 | Improper Adherence to Coding Standards vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable privilege escalation vulnerability exists in the iw_console functionality. | 8.8 |
| 2021-06-25 | CVE-2021-33529 | Use of Hard-coded Credentials vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device. | 7.5 |
| 2021-06-25 | CVE-2021-33530 | OS Command Injection vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. | 8.8 |
| 2021-06-25 | CVE-2021-33531 | Use of Hard-coded Credentials vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities. | 8.8 |
| 2021-06-25 | CVE-2021-33532 | OS Command Injection vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. | 8.8 |
| 2021-06-25 | CVE-2021-33533 | OS Command Injection vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. | 8.8 |
| 2021-06-25 | CVE-2021-33534 | OS Command Injection vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. | 7.2 |
| 2021-06-25 | CVE-2021-33535 | Use of Externally-Controlled Format String vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable format string vulnerability exists in the iw_console conio_writestr functionality. | 8.8 |
| 2021-06-25 | CVE-2021-33536 | Integer Underflow (Wrap or Wraparound) vulnerability in Weidmueller products In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. | 7.5 |