Security Vulnerabilities - CVEs Published In February 2017
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVSS Score: 7.0; EPSS Score: 0.037; Published: 2017-02-13
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2017-02-13
An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-02-13
An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2017-02-13
An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
CVSS Score: 7.2; EPSS Score: 0.005; Published: 2017-02-13
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2017-02-13
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request.
CVSS Score: 8.6; EPSS Score: 0.009; Published: 2017-02-13
An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials over the HTTP protocol, where they could be sniffed by an attacker, which may result in the compromise of account credentials.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2017-02-13
An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2017-02-13
An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server.
CVSS Score: 7.5; EPSS Score: 0.017; Published: 2017-02-13