Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. Date published : 2021-08-31 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-EmailWebPage-Command-Injection-RCE-CVE-2021-35220?language=en_US
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page. Date published : 2021-08-31 https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Mitigate-the-ExportToPdfCmd-Arbitrary-File-Read-Information-Disclosure-CVE-2021-35219?language=en_US
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is...
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including...
Missing Release of Resource after Effective Lifetime vulnerability in OpenSSL implementation of WAGO 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 in versions FW4 up to FW15 allows an unauthenticated attacker to cause DoS on the device. Date...
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up...
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials. Date published : 2021-08-31 https://cert.vde.com/en-us/advisories/vde-2021-027
Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user’s credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. Date published : 2021-08-31 https://cert.vde.com/en-us/advisories/vde-2021-027
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie’s value to be read or set by client-side JavaScript. Date published : 2021-08-31 https://cert.vde.com/en-us/advisories/vde-2021-027
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application’s response. Date published : 2021-08-31 https://cert.vde.com/en-us/advisories/vde-2021-027
In PEPPERL+FUCHS WirelessHART-Gateway
In PEPPERL+FUCHS WirelessHART-Gateway
In PEPPERL+FUCHS WirelessHART-Gateway
In PEPPERL+FUCHS WirelessHART-Gateway