Filtered by vendor Danfoss
Subscribe
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. | |||||
| CVE-2023-25913 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. | |||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. | |||||
| CVE-2023-22586 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. | |||||
| CVE-2023-25912 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
| The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. | |||||
| CVE-2023-22584 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| The Danfoss AK-EM100 stores login credentials in cleartext. | |||||
| CVE-2023-22585 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. | |||||
| CVE-2023-22583 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | |||||
| CVE-2023-25911 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| The Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters. | |||||
| CVE-2023-22582 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. | |||||