Shodan
Vulnerabilities
Vulnerable Software
Meteocontrol:  Security Vulnerabilities
CVE-2016-4504
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-03-21
CVE-2016-2298
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.73
Published
2016-05-14
CVE-2016-2297
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
CVSS Score
9.4
EPSS Score
0.016
Published
2016-05-14
CVE-2016-2296
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
9.4
EPSS Score
0.753
Published
2016-05-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved