Vulnerabilities - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6567 1Siemens 4Scalance X 200 Firmware Scalance X 200irt FirmwareScalance X 300 Firmware+1 more Jun 17, 2026 Jun 12, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords.Show less
CVE-2019-6566 1Ge 1Ge Communicator Jun 17, 2026 May 9, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
CVE-2019-6565 1Moxa 4Eds 405a Firmware Eds 408a FirmwareEds 510a Firmware+1 more Jun 17, 2026 Mar 5, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVE-2019-6564 1Ge 1Ge Communicator Jun 17, 2026 May 9, 2019 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system dur...Show more GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.Show less
CVE-2019-6563 1Moxa 4Eds 405a Firmware Eds 408a FirmwareEds 510a Firmware+1 more Jun 17, 2026 Mar 5, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
CVE-2019-6562 1Philips 1Tasy Emr Jun 17, 2026 May 1, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-6561 1Moxa 4Eds 405a Firmware Eds 408a FirmwareEds 510a Firmware+1 more Jun 17, 2026 Mar 5, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-6559 1Moxa 4Eds 405a Firmware Eds 408a FirmwareEds 510a Firmware+1 more Jun 17, 2026 Mar 5, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVE-2019-6557 1Moxa 4Eds 405a Firmware Eds 408a FirmwareEds 510a Firmware+1 more Jun 17, 2026 Mar 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2019-6556 1Omron 2Common Components Cx Programmer Jun 17, 2026 Apr 10, 2019 N/A· v4 6.6 MEDIUM· v3 6.8 MEDIUM· v2 When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafte...Show more When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.Show less
CVE-2019-6555 1Hornerautomation 1Cscape Jun 17, 2026 Feb 28, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrar...Show more Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.Show less
CVE-2019-6554 1Advantech 1Webaccess Jun 17, 2026 Apr 5, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
CVE-2019-6553 1Rockwellautomation 1Rslinx Jun 17, 2026 Apr 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed...Show more A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.Show less
CVE-2019-6552 1Advantech 1Webaccess Jun 17, 2026 Apr 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
CVE-2019-6551 1Pangea Comm 1Fax Ata Jun 17, 2026 Feb 28, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual deni...Show more Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition.Show less
CVE-2019-6550 1Advantech 1Webaccess Jun 17, 2026 Apr 5, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
CVE-2019-6549 1Kunbus 1Pr100088 Modbus Gateway Firmware Jun 17, 2026 Feb 12, 2019 N/A· v4 7.2 HIGH· v3 4.0 MEDIUM· v2 An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.
CVE-2019-6548 1Ge 1Ge Communicator Jun 17, 2026 May 9, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall...Show more GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.Show less
CVE-2019-6547 1Deltaww 1Screeneditor Jun 17, 2026 Feb 28, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.84 and prior. An out-of-bounds read vulnerability may cause the software to crash due to lacking user input validation for processing project files.
CVE-2019-6546 1Ge 1Ge Communicator Jun 17, 2026 May 9, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
CVE-2019-6545 1Aveva 2Indusoft Web Studio Intouch Machine Edition 2014 Jun 17, 2026 Feb 13, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database...Show more AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.Show less
CVE-2019-6544 1Ge 1Ge Communicator Jun 17, 2026 May 9, 2019 N/A· v4 5.6 MEDIUM· v3 6.8 MEDIUM· v2 GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scrip...Show more GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.Show less
CVE-2019-6543 1Aveva 2Indusoft Web Studio Intouch Machine Edition 2014 Jun 17, 2026 Feb 13, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could le...Show more AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.Show less
CVE-2019-6542 1Enttec 3Datagate Mk2 Firmware Pixelator FirmwareStorm 24 Firmware Jun 17, 2026 Mar 28, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service c...Show more ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.Show less
CVE-2019-6541 1We Con 1Levistudiou Jun 17, 2026 Feb 13, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero D...Show more A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.Show less

Previous 1...707172...14337 Next

Vulnerabilities (CVE)