Vulnerability Advisories

This page offers a comprehensive view of vulnerabilities identified by Nozomi Networks in critical OT, ICS, and IoT environments, showcasing the deep expertise and dedication of our world-class Security Research team.

Each advisory represents our ongoing effort to enhance the protection of industrial systems, identifying emerging threats before they can be exploited. Immediate protection is available through our Threat Intelligence (TI) subscription, supporting a proactive, forward-thinking defense strategy. For more on our responsible approach, refer to the Responsible Disclosure Policy.

| Date Published | CVE ID | Vendor | Product | Type | Risk |
|---|---|---|---|---|---|
| August 7, 2024 | CVE-2024-32865 | Johnson Controls | exacqVision Server | Improper Certificate Validation | Medium |
| August 7, 2024 | CVE-2024-32931 | Johnson Controls | exacqVision Web Service | Use of GET Request Method With Sensitive Query Strings (Operator) | Medium |
| August 7, 2024 | CVE-2024-32931 | Johnson Controls | exacqVision Web Service | Use of GET Request Method With Sensitive Query Strings (Administrator) | Medium |
| July 5, 2024 | CVE-2024-31199 | Plug&Track | Sensor Net Connect V2 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | High |
| July 5, 2024 | CVE-2024-3083 | Plug&Track | Sensor Net Connect V2 | Cross-Site Request Forgery (CSRF) | High |
| July 5, 2024 | CVE-2024-3082 | Plug&Track | Sensor Net Connect V2 | Plaintext Storage of a Password | Medium |
| July 5, 2024 | CVE-2024-31200 | Plug&Track | Sensor Net Connect V2 | Insertion of Sensitive Information Into Sent Data | Medium |
| July 5, 2024 | CVE-2024-31202 | Plug&Track | Thermoscan IP | Incorrect Permission Assignment for Critical Resource | High |
| July 5, 2024 | CVE-2024-31201 | Plug&Track | Thermoscan IP | Unquoted Search Path or Element | Medium |
| July 5, 2024 | CVE-2024-31203 | Plug&Track | Thermoscan IP | Stack-based Buffer Overflow | Low |
| May 14, 2024 | CVE-2024-1630 | GE HealthCare | Common Service Desktop | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) | High |
| May 14, 2024 | CVE-2024-1628 | GE HealthCare | Common Service Desktop | Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) | High |
| May 14, 2024 | CVE-2024-27110 | GE HealthCare | EchoPAC Software Only (SWO), EchoPAC TurnKey and ImageVault | Execution with Unnecessary Privileges | High |
| May 14, 2024 | CVE-2024-27109 | GE HealthCare | EchoPAC Software Only (SWO), EchoPAC TurnKey and ImageVault | Insufficiently Protected Credentials | High |
| May 14, 2024 | CVE-2024-27108 | GE HealthCare | EchoPAC Software Only (SWO), EchoPAC TurnKey and ImageVault | Incorrect Permission Assignment for Critical Resource | Medium |
| May 14, 2024 | CVE-2024-27107 | GE HealthCare | EchoPAC Software Only (SWO), EchoPAC TurnKey and ImageVault | Use of Hard-coded Credentials | Critical |
| May 14, 2024 | CVE-2024-27106 | GE HealthCare | EchoPAC Software Only (SWO), EchoPAC TurnKey and ImageVault | Missing Encryption of Sensitive Data | Medium |
| May 14, 2024 | CVE-2024-1629 | GE HealthCare | Common Service Desktop | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) | Medium |
| May 14, 2024 | CVE-2024-1486 | GE HealthCare | Ultrasound Imaging Families | Incorrect Permission Assignment for Critical Resource | High |
| May 14, 2024 | CVE-2020-6977 | GE HealthCare | Ultrasound Imaging Families | Execution with Unnecessary Privileges | Medium |
| May 14, 2024 | CVE-2020-6977 | GE HealthCare | Ultrasound Imaging Families | Protection Mechanism Failure | High |
| May 1, 2024 | CVE-2023-6949 | DJI | Mini Pro 3 | DJI Mini Pro 3 Missing Authentication for Critical Function | Medium |
| May 1, 2024 | CVE-2023-51456 | DJI | Mavic 3 | DJI Mavic 3 Series Improper Input Validation | Medium |
| May 1, 2024 | CVE-2023-51455 | DJI | Mavic 3 | DJI Mavic 3 Series Improper Validation of Array | Medium |
| May 1, 2024 | CVE-2023-51454 | DJI | Mavic 3 | DJI Mavic 3 Series Out-of-bounds Write | Medium |
| May 1, 2024 | CVE-2023-51453 | DJI | Mavic 3 | DJI Mavic 3 Series Out-of-bounds Write | Low |
| May 1, 2024 | CVE-2023-51452 | DJI | Mavic 3 | DJI Mavic 3 Series Out-of-bounds Write | Low |
| May 1, 2024 | CVE-2023-6948 | DJI | Mavic 3 | DJI Mavic 3 Series Buffer Copy without Checking Size of Input | Low |
| May 1, 2024 | CVE-2023-6950 | DJI | Mini Pro 3 | DJI Mini Pro 3 Improper Validation of Syntactic Correctness of Input | Low |
| May 1, 2024 | CVE-2023-6951 | DJI | Mavic 3 | DJI Mavic 3 Series Small Space of Random Values | Medium |
| May 1, 2024 | CVE-2024-23913 | Merative | Merative Merge DICOM Toolkit C/C++ (Windows) | Use of Out-of-range Pointer Offset | Medium |
| May 1, 2024 | CVE-2024-23914 | Merative | Merative Merge DICOM Toolkit C/C++ (Windows) | Use of Externally-Controlled Format String | Medium |
| May 1, 2024 | CVE-2024-23912 | Merative | Merative Merge DICOM Toolkit C/C++ (Windows) | Out-of-bounds Read | Medium |
| February 22, 2017 | CVE-2017-6017 | Schneider Electric | Modicon M340 PLC | Uncontrolled Resource Consumption | High |
| August 14, 2018 | CVE-2018-11453 | Siemens | SIMATIC STEP 7 and SIMATIC WinCC | Unauthorized Code Execution | High |
| August 16, 2018 | CVE-2018-14791 | Emerson | DeltaV DCS Workstations | Unauthorized Code Execution | High |
| February 27, 2018 | CVE-2018-5452 | Emerson | ControlWave Micro Process Automation Controller | Denial of Service | High |
| March 29, 2018 | CVE-2018-8836 | WAGO | 750 Series | Denial of Service | Medium |
| May 17, 2018 | CVE-2018-8867 | GE | PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, Rxi | Denial of Service | High |
| August 14, 2018 | CVE-2018-11454 | Siemens | SIMATIC STEP 7 and SIMATIC WinCC | Unauthorized Code Execution | High |
| April 30, 2019 | CVE-2019-10952 | Rockwell Automation | CompactLogix 5370 | Stack-based Buffer Overflow | Critical |
| August 16, 2018 | CVE-2018-14795 | Emerson | DeltaV DCS Workstations | Unauthorized Code Execution | High |
| November 13, 2018 | CVE-2018-13815 | Siemens | SIMATIC S7 | Denial of Service | High |
| September 20, 2018 | CVE-2018-14827 | Rockwell Automation | RSLinx Classic | Denial of Service | High |
| May 22, 2019 | CVE-2019-10977 | Mitsubishi Electric | MELSEC-Q Series Ethernet Module | Denial of Service | High |
| August 23, 2019 | CVE-2019-10942 | Siemens | SCALANCE X Switches | Denial of Service | High |
| January 17, 2020 | CVE-2018-7794 | Schneider Electric | Modicon Controllers | Denial of Service | High |
| January 19, 2021 | CVE-2020-25173 | Reolink | P2P protocol implementation | deobfuscation and credentials leak | High |
| July 30, 2020 | CVE-2020-14496 | Mitsubishi Electric | Multiple Factory Automation Engineering Software Products (Update A) | Permission Issues | High |
| January 19, 2021 | CVE-2020-25169 | Reolink | P2P protocol implementation | Video/audio Lack of Encryption and Stream Reconstruction | High |
| April 13, 2021 | CVE-2021-27458 | JTEKT | TOYOPUC products | Improper Resource Shutdown or Release | High |
| May 11, 2021 | CVE-2019-19276 | Siemens | HMI | out of bounds write over SNMP | Medium |
| June 30, 2021 | CVE-2021-32934 | ThroughTek | P2P protocol | deobfuscation | Critical |
| May 28, 2021 | CVE-2021-20591 | Mitsubishi Electric | MELSEC iQ-R Series products | Uncontrolled Resource Consumption | High |
| August 26, 2021 | CVE-2021-32941 | Annke | N48PBB | Stack-based Buffer Overflow | Critical |
| September 7, 2021 | CVE-2021-20597 | Mitsubishi Electric | MELSEC iQ-R Series CPU | CPU credentials leak | Critical |
| September 7, 2021 | CVE-2021-20598 | Mitsubishi Electric | MELSEC iQ-R Series CPU | CPU login denial of service | Medium |
| September 7, 2021 | CVE-2021-20594 | Mitsubishi Electric | MELSEC iQ-R Series CPU | Username Bruteforce | High |
| November 9, 2021 | CVE-2021-22814 | APC by Schneider Electric | Network Management Cards (NMC) | Cross-Site Scripting (XSS) | Medium |
| October 5, 2021 | CVE-2021-31988 | AXIS | AXIS OS | SMTP Header Injection in Email Test Functionality | High |
| October 5, 2021 | CVE-2021-31987 | AXIS | AXIS OS | Improper Recipient Validation in Network Test Functionalities | High |
| October 5, 2021 | CVE-2021-31986 | AXIS | AXIS OS | Heap based Buffer Overflow | Medium |
| November 18, 2021 | CVE-2021-43548 | Philips | Information Center iX (PIC iX) | denial of service | Medium |
| November 18, 2021 | CVE-2021-43552 | Philips | Information Center iX (PIC iX) | patient data backup hardcoded encryption key | Medium |
| October 14, 2021 | CVE-2021-20599 | Mitsubishi Electric | MELSEC iQ-R Series Safety CPU | Authorization Bypass | High |
| November 9, 2021 | CVE-2021-22799 | Schneider Electric | Software Update | Insufficient Entropy | Low |
| November 18, 2021 | CVE-2021-43550 | Philips | Patient Information Center iX (PIC iX) and Efficia CM Series | insecure communication | Medium |
| November 18, 2021 | CVE-2021-33017 | Philips | IntelliBridge EC 40/EC 80 Hub | unauthenticated administration interface | High |
| November 18, 2021 | CVE-2021-43550 | Philips | Patient Information Center iX (PIC iX) and Efficia CM Series | insecure communication | Medium |
| November 18, 2021 | CVE-2021-43552 | Philips | Information Center iX (PIC iX) | patient data backup hardcoded encryption key | Medium |
| May 17, 2022 | CVE-2022-24045 | Siemens | PXC4.E16 | Session Cookie Attribute Issues | Medium |
| May 17, 2022 | CVE-2022-24044 | Siemens | PXC4.E16 | Lack of anti-Password Spraying and Credential Stuffing Mechanism | High |
| December 21, 2021 | CVE-2021-22825 | APC by Schneider Electric | Network Management Cards (NMC) | Exposure of Sensitive Information to an Unauthorized Actor | High |
| November 18, 2021 | CVE-2021-32993 | Philips | IntelliBridge EC 40/EC 80 Hub | hardcoded credentials | High |
| February 16, 2022 | CVE-2021-26726 | Valmet | DNA | Remote Code Execution | High |
| May 12, 2022 | CVE-2022-30295 | uClibc, uClibc-ng libraries | uClibc, uClibc-ng | monotonically increasing DNS transaction ID | Medium |
| May 17, 2022 | CVE-2022-24041 | Siemens | PXC4.E16 | Weak PBKDF2 Default Cost Factor | Medium |
| May 17, 2022 | CVE-2022-24040 | Siemens | PXC4.E16 | DoS through Insufficiently-Constrained PBKDF2 Cost Factor | Medium |
| May 17, 2022 | CVE-2022-24043 | Siemens | PXC4.E16 | Username Enumeration through Response Timing | Medium |
| May 17, 2022 | CVE-2022-24042 | Siemens | PXC4.E16 | Insufficient Session Expiration | Critical |
| May 17, 2022 | CVE-2022-24039 | Siemens | PXC4.E16 | XLS Injection | Critical |
| October 11, 2022 | CVE-2022-30560 | Dahua | ASI7XXXX | DoS through Uploaded Filename | High |
| October 12, 2022 | CVE-2022-30563 | Dahua | IPC-HDBW2XXX IPC-HFW2XXX ONVIF | Insufficient Replay Attacks Protection | High |
| October 12, 2022 | | Avalue | Renity ARTEMIS UWB RTLS | Insufficient Transport Layer Protection | High |
| October 12, 2022 | CVE-2022-30562 | Dahua | ASI7XXXX | Host Header Injection | Medium |
| October 12, 2022 | | Sewio | RTLS Studio | Insufficient Transport Layer Protection | High |
| October 12, 2022 | CVE-2022-30561 | Dahua | ASI7XXXX | Pass-the-Hash in Login | Medium |
| October 20, 2022 | CVE-2022-40182 | Siemens | Desigo PXM | Execution with Unnecessary Privileges | High |
| October 20, 2022 | CVE-2022-40179 | Siemens | Desigo PXM | Cross-Site Request Forgery (CSRF) | High |
| October 20, 2022 | CVE-2022-40181 | Siemens | Desigo PXM | Improper Neutralization of Encoded URI Schemes in a Web Page | High |
| October 20, 2022 | CVE-2022-40176 | Siemens | Desigo PXM | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | High |
| October 20, 2022 | CVE-2022-40180 | Siemens | Desigo PXM | Cross-Site Request Forgery (CSRF) | Medium |
| October 20, 2022 | CVE-2022-40178 | Siemens | Desigo PXM | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Medium |
| October 25, 2022 | CVE-2021-4228 | Lanner | IAC-AST2500A | Hard-coded TLS Certificate | Medium |
| October 20, 2022 | CVE-2022-40177 | Siemens | Desigo PXM | Exposure of Sensitive Information to an Unauthorized Actor | Medium |
| October 26, 2022 | CVE-2021-26727 | Lanner | IAC-AST2500A | spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows | Critical |
| October 30, 2022 | CVE-2021-26733 | Lanner | IAC-AST2500A | spx_restservice FirstReset_handler_func Broken Access Control | Medium |
| October 27, 2022 | CVE-2021-26728 | Lanner | IAC-AST2500A | spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow | Critical |
| October 28, 2022 | CVE-2021-26729 | Lanner | IAC-AST2500A | spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows | Critical |
| October 29, 2022 | CVE-2021-26731 | Lanner | IAC-AST2500A | spx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflows | Critical |

| Date Published | CVE ID | Vendor | Product | Type | Risk Score |
|---|---|---|---|---|---|
| May 27, 2026 | CVE-2025-41670 | Phoenix Contact | PLCnext family | Uncontrolled Search Path Element | High |
| May 27, 2026 | CVE-2025-41669 | Phoenix Contact | PLCnext family | Improper Verification of Cryptographic Signature | High |
| May 29, 2026 | CVE-2025-41281 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| May 29, 2026 | CVE-2025-41280 | Waterfall | WF-500 | Relative Path Traversal | High |
| May 29, 2026 | CVE-2025-41279 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | High |
| May 29, 2026 | CVE-2025-41278 | Waterfall | WF-500 | Out-of-bounds Read | High |
| May 29, 2026 | CVE-2025-41277 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41276 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41275 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41274 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41273 | Waterfall | WF-500 | Authentication Bypass Using an Alternate Path or Channel | Critical |
| May 29, 2026 | CVE-2025-41272 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41271 | Waterfall | WF-500 | Relative Path Traversal | High |
| May 29, 2026 | CVE-2025-41270 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |
| May 29, 2026 | CVE-2025-41269 | Waterfall | WF-500 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Critical |