Danfoss: Security Vulnerabilities
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system.
CVSS Score
9.9
EPSS Score
0.009
Published
2023-08-21
Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-21
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-21
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.
CVSS Score
10.0
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 stores login credentials in cleartext.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-06-11
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.
CVSS Score
7.7
EPSS Score
0.001
Published
2023-06-11
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.
CVSS Score
9.9
EPSS Score
0.007
Published
2023-06-11
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-06-11
Page 1