[EN] Multiple Vulnerabilities in Advantech EKI-15XX Series
Title: Multiple Vulnerabilities Product: Advantech EKI-1524-CE series, EKI-1522 series, EKI-1521 series Vulnerable version: 1.21 Fixed version: 1.24 CVE: CVE-2023-2573, CVE-2023-2574, CVE-2023-2575 Impact: High Homepage: https://advantech.com Found: 2023-03-06 Advantech EKI-1524/1522/1521 devices are prone to authenticated command injections and a buffer overflow vulnerability. These vulnerabilities can be used to execute arbitrary commands on OS level. "Advantech’s corporate vision is to enable an intelligent planet. The company is a global leader in the fields of IoT intelligent systems and embedded platforms. To embrace the trends of IoT, big data, and artificial...
[EN] Multiple Vulnerabilities in Korenix JetWave Series
Title: Multiple Vulnerabilities Product: JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, JetWave 2414/2114, JetWave 2424, JetWave 2460, JetWave 3220/3420 V3 Vulnerable version: See "Vulnerable Versions" Fixed version: See "Solution" CVE: CVE-2023-23294, CVE-2023-23295, CVE-2023-23296 Impact: High Homepage: https://korenix.com Found: 2022-11-28 Multiple JetWave products from Korenix are prone to command injection and denial of service (DoS) vulnerabilities. “Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions. […] Our products...
[EN] Authenticated Command Injection in Delta Electronics DVW-W02W2-E2
Title: Authenticated Command Injection Product: Delta Electronics DVW-W02W2-E2 Vulnerable version: V2.42 Fixed version: V2.5.2 CVE: CVE-2022-42139 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DVW-W02W2-E2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide innovative, clean and energy -efficient solutions for a better tomorrow," focuses on addressing key environmental issues such as global climate change. As an energy-saving...
[EN] Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN
Title: Multiple Vulnerabilities Product: Delta Electronics DX-2100-L1-CN Vulnerable version: V1.5.0.10 Fixed version: V1.5.0.12 CVE: CVE-2022-42140, CVE-2022-42141 Impact: High Homepage: https://www.deltaww.com Found: 2022-08-01 Delta Electronics DX-2100-L1-CN is prone to authenticated command injection and a stored cross-site scripting (XSS) vulnerability. The XSS vulnerability can be used to execute arbitrary commands in the context of a user's browser. The command injection allows an attacker to execute system commands on the device itself. "Delta, founded in 1971, is a global provider of power and thermal management solutions. Its mission statement, "To provide...
[EN] Authenticated Command Injection in Hirschmann (Belden) BAT-C2
Title: Multiple Critical Vulnerabilities Product: Hirschmann (Belden) BAT-C2 Vulnerable version: 8.8.1.0R8 Fixed version: 09.13.01.00R04 CVE: CVE-2022-40282 Impact: High Homepage: https://hirschmann.com/ | https://beldensolutions.com Found: 2022-08-01 Hirschmann BAT-C2 is prone to an authenticated command injection vulnerability. This vulnerability can be used to execute arbitrary commands on the device. "The Technology and Market Leader in Industrial Networking. Hirschmann™ develops innovative solutions, which are geared towards its customers’ requirements in terms of performance, efficiency and investment reliability." Source: https://beldensolutions.com/en/Company/About_Us/belden_brands/index.phtml Hirschmann (Belden) BAT-C2 1) Authenticated Command Injection The web server of the device is prone to an...