Security Vulnerabilities - CVEs Published In January 2020
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open, which leads to unauthenticated access
CVSS Score
9.8
EPSS Score
0.041
Published
2020-01-07
HMailServer 5.3.x and prior: Memory corruption which could cause a denial of service (DoS)
CVSS Score
5.9
EPSS Score
0.003
Published
2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-01-07
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) (with initial releases before 1 January 2019) which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support include ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-01-06
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
CVSS Score
7.3
EPSS Score
0.002
Published
2020-01-06
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-06
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-06
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-06
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-01-06
A Cross-Site Scripting (XSS) vulnerability exists in the description field of a Download RSS item or Contacts in the Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-01-06