8.8
CVE-2025-41667 - Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit scri…
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
8.8
CVE-2025-41666 - Phoenix Contact: File access due to the replacement of a critical file used by the watchdog
A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.
6.5
CVE-2025-41665 - Phoenix Contact: DoS of the PLC due to incorrect default permissions possible
A low privileged remote attacker can force the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.
5.3
CVE-2025-7167 - code-projects Responsive Blog Site category.php SQL injection
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed …
8.8
CVE-2025-25271 - OCPP Backend Configuration via Insecure Defaults
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
9.8
CVE-2025-25270 - Remote Code Execution via Unauthenticated Configuration Manipulation
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
8.4
CVE-2025-25269 - Local Privilege Escalation via Unauthenticated Command Injection
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
8.8
CVE-2025-25268 - Unauthenticated Configuration Access via Exposed API Endpoint
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
7.8
CVE-2025-24006 - Privilege Escalation via Insecure SSH Permissions
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
7.8
CVE-2025-24005 - Local Privilege Escalation via Vulnerable SSH Script
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.