Security Vulnerabilities - CVEs Published In March 2022
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.
CVSS Score: 8.4 | EPSS Score: 0.001 | Published: 2022-03-23
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
CVSS Score: 2.4 | EPSS Score: 0.001 | Published: 2022-03-23
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
CVSS Score: 10.0 | EPSS Score: 0.003 | Published: 2022-03-23
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVSS Score: 10.0 | EPSS Score: 0.001 | Published: 2022-03-23
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
CVSS Score: 10.0 | EPSS Score: 0.0 | Published: 2022-03-23
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVSS Score: 10.0 | EPSS Score: 0.001 | Published: 2022-03-23
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
CVSS Score: 10.0 | EPSS Score: 0.001 | Published: 2022-03-23
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
CVSS Score: 10.0 | EPSS Score: 0.004 | Published: 2022-03-23
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-03-23
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2022-03-23

