Security Vulnerabilities - CVEs Published In May 2023
Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with
Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote
attacker to potentially steal user credentials that are stored in the user’s browsers local storage via
cross-site-scripting attacks.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-05-15
Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-15
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-05-15
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-05-15
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <= 1.5.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-15
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-15
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVSS Score
8.8
EPSS Score
0.037
Published
2023-05-15
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVSS Score
8.8
EPSS Score
0.037
Published
2023-05-15
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVSS Score
8.8
EPSS Score
0.019
Published
2023-05-15
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.
CVSS Score
8.8
EPSS Score
0.037
Published
2023-05-15