Controlbyweb: Security Vulnerabilities
The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious javascript code during a user's session.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-12-07
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.
CVSS Score
9.1
EPSS Score
0.001
Published
2023-02-13
Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker.
CVSS Score
4.5
EPSS Score
0.001
Published
2023-02-13
A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-03-21
A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-03-21