Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ak\-Em100_firmware
(Danfoss)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-11 | CVE-2023-25911 | The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | Ak\-Em100_firmware | 8.8 | ||
| 2023-06-11 | CVE-2023-22582 | The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. | Ak\-Em100_firmware | 6.1 | ||
| 2023-06-11 | CVE-2023-22583 | The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | Ak\-Em100_firmware | 9.8 | ||
| 2023-06-11 | CVE-2023-22584 | The Danfoss AK-EM100 stores login credentials in cleartext. | Ak\-Em100_firmware | 7.5 | ||
| 2023-06-11 | CVE-2023-22585 | The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. | Ak\-Em100_firmware | 6.1 | ||
| 2023-06-11 | CVE-2023-22586 | The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. | Ak\-Em100_firmware | 7.5 | ||
| 2023-06-11 | CVE-2023-25912 | The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. | Ak\-Em100_firmware | 5.3 |