Security Vulnerabilities - CVEs Published In February 2017
An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-02-13
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-02-13
An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
CVSS Score
8.6
EPSS Score
0.054
Published
2017-02-13
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-02-13
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-02-13
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING).
CVSS Score
6.1
EPSS Score
0.002
Published
2017-02-13
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE).
CVSS Score
5.3
EPSS Score
0.002
Published
2017-02-13
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
CVSS Score
9.8
EPSS Score
0.012
Published
2017-02-13
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-02-13
An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system, a Denial-of-Service Vulnerability.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-02-13