Security Vulnerabilities - CVEs Published In September 2024
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
CVSS Score
7.5
EPSS Score
0.004
Published
2024-09-04
Directory traversal vulnerability in the cust module
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-09-04
Access permission verification vulnerability in the WMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-09-04
Vulnerability of resources not being closed or released in the keystore module
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
4.0
EPSS Score
0.0
Published
2024-09-04
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-09-04
Permission control vulnerability in the software update module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.0
EPSS Score
0.002
Published
2024-09-04
Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-09-04
Input verification vulnerability in the system service module
Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-09-04
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
CVSS Score
8.1
EPSS Score
0.003
Published
2024-09-04
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
CVSS Score
4.6
EPSS Score
0.0
Published
2024-09-04