Danfoss: >> Ak-Em100 Firmware Security Vulnerabilities
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.
CVSS Score
10.0
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 stores login credentials in cleartext.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-06-11
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
CVSS Score
7.7
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.
CVSS Score
9.9
EPSS Score
0.007
Published
2023-06-11
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-06-11