Xarrow: Security Vulnerabilities
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-05-16
xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-05-16
xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges.
CVSS Score
5.6
EPSS Score
0.001
Published
2022-05-16
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.005
Published
2012-05-25
Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
CVSS Score
10.0
EPSS Score
0.032
Published
2012-05-25
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
CVSS Score
10.0
EPSS Score
0.019
Published
2012-05-25
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.03
Published
2012-05-25