Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216078 entries
IDDescriptionPriorityModified date
CVE-2018-4839 A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. LOW Mar 8, 2018
CVE-2018-4838 A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. MEDIUM Mar 8, 2018
CVE-2018-4837 A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. MEDIUM Jan 27, 2018
CVE-2018-4836 A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. MEDIUM Jan 25, 2018
CVE-2018-4835 A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. MEDIUM Jan 25, 2018
CVE-2018-4834 A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. HIGH Jan 24, 2018
CVE-2018-4833 A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\'s DHCP request. MEDIUM Jun 14, 2018
CVE-2018-4832 A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. MEDIUM Apr 24, 2018
CVE-2018-4831 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4830 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4829 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4828 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4827 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4826 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4825 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4824 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4823 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4822 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4821 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4820 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4819 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4818 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4817 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4816 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4815 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4814 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4813 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4812 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4811 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4810 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4809 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4808 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4807 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4806 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4805 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4804 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4803 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4802 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4801 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4800 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4799 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4798 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4797 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4796 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4795 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4794 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4793 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4792 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4791 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
CVE-2018-4790 Rejected reason: This candidate is unused by its CNA. -- Nov 7, 2023
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online