Security Vulnerabilities - CVEs Published In August 2021
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-08-03
All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-03
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-03
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
CVSS Score
8.8
EPSS Score
0.343
Published
2021-08-03
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
CVSS Score
8.8
EPSS Score
0.343
Published
2021-08-03
A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability can be exploited only when a valid Knowledge Base URL is configured on the Knowledge Base configuration page and points to a MediaWiki instance. This relates to the proxy feature in class/centreon-knowledge/ProceduresProxy.class.php and include/configuration/configKnowledge/proxy/proxy.php.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVSS Score
6.1
EPSS Score
0.007
Published
2021-08-03
Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-08-03