Type Automation Software

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector »

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication »

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it has been distributed or become public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (432): 3scale API Management, Adobe Stock API, Allround Automations PL-SQL Developer, Amazon Elastic Load Balancing API Tools, American Auto-Matrix Aspect-Matrix Building Automation Front-End, American Auto-Matrix Aspect-Nexus Building Automation Front-End, Andrew Sterling Hanenkamp Rest API module, Ansible Automation Platform, Ansible Tower, Apache Sling API, Apache Sling Servlets Post, Apache Sling XSS Protection API, API Platform, Apple Exposure Notification API, AutomatedShops WebC.cgi, Automatedsolutions Modbus, Automatedsolutions TCP Master OPC Server, Automated Logic WebCTRL, Automated Logic WebCTRL OEM, Automated Solutions Modbus Slave ActiveX Control, Automation, AutomationDirect C-More Micro, AutomationDirect C-More Programming Software, AutomationDirect CLICK Programming Software, AutomationDirect GS Drives Configuration Software, AutomationDirect SL-SOFT SOLO, Automation License Manager, Bitpay Insight-api, Blue Prism Robotic Process Automation, BMC BladeLogic Server Automation, BMC Server Automation, B&R Automation Runtime, B&R Automation Studio, B&R Industrial Automation APROL, CA API Developer Portal, CA API Gateway, CA Automic Workload Automation, CA Client Automation, CA Release Automation, CA Workload Automation AE, CASAP Automated Enrollment System, Cisco Business Process Automation, Cisco Cloud Network Automation Provisioner, Cisco Crosswork Change Automation, Cisco Tidal Enterprise Scheduler, Cisco Umbrella API, Cisco Workload Automation, CloudForms API, Cmsnx Automated Link Exchange Portal, CODESYS Automation Server, Code Coverage API Plugin, Cortexa Automation 7202 Home Automation Controller, DataFeedFile Dff Framework Api, Delta Electronics Automation TPEditor, Delta Electronics Delta Industrial Automation DOPSoft, Delta Electronics Delta Industrial Automation PMSoft, Delta Electronics Delta Industrial Automation Screen Editor, Delta Electronics Industrial Automation COMMGR, Delta Electronics Industrial Automation Screen 
Editor, Delta Industrial Automation CNCSoft, Delta Industrial Automation CNCSoft-B, Delta Industrial Automation CNCSoft ScreenEditor, Delta Industrial Automation DOPSoft, Delta Industrial Automation TPEditor, Dillon Kane Tidal Workload Automation Agent, Divante storefront-api, Divante vue-storefront-api, Dolby Audio X2 API, Dolby DAX2 API, ECharts API Plugin, eGain Web Email API 11+, EMC RSA Authentication Agent API, EMC RSA Authentication Agent SDK, EMC RSA Authentication API, Emerson GE Automation Proficy Machine Edition, Emmanuel MyDomoAtHome REST API Domoticz ISS Gateway, Entity Api, Entity API module, Fatek Automation Communication Server, Fatek Automation FV Designer, Fatek Automation PLC Ethernet Module, Fatek Automation PM Designer V3, Fatek Automation WinProladder, GNU wget, Google API Search, Google Exposure Notification API, Google Sign-In with Google API C++ Client, Greyware Automation Products Domain Time II, Harbor API, Hirschmann Automation Control HiOS, Hirschmann Automation HiSecOS, Hitachi Automation Director, Hitachi Command Suite, HM Courts & Tribunals ccd-data-store-api, HomeAutomation, Horner Automation Cscape, HP Business Service Automation Essentials, HP Client Automation Enterprise, HP Client Automation Enterprise Infrastructure, HP Continuous Delivery Automation, HP Database, HP Middleware Automation, HP Network Automation, HP Persistent Accelerite Radia Client Automation, HP Radia Client Automation, HPE StorageWorks XP7 Automation Director, HPE Universal API Framework, IBM API Connect, IBM API Connect Developer Portal, IBM API Management, IBM Business Automation Content Analyzer on Cloud, IBM Business Automation Workflow, IBM Case Manager, IBM Cloud Automation Manager, IBM Cloud Pak for Automation, IBM Rational Automation Framework, IBM Robotic Process Automation with Automation Anywhere, IBM Runbook Automation, IBM Tivoli Service Automation Manager, IBM Tivoli Workload Automation for AIX, IBM Workload Automation, IDAutomation PDF417 
Barcode, ID Automation Linear Barcode, Igniterealtime Smack Api, Inductive Automation Ignition, Inductive Automation Ignition, Infinite Automation Mango Automation, Infinite Automation Systems Mango Automation, JavaScript WebGL API, Karotz API, larvitbase-api, Liebert MultiLink Automated Shutdown, Mathijs Koenraadt Search API Sorts, Micro Focus Data Center Automation Containerized Suite, Micro Focus Hybrid Cloud Management Containerized Suite, Micro Focus Network Automation, Micro Focus Network Operations Management Suite, Micro Focus Operations Bridge Containerized Suite, Micro Focus Secure API Manager, Micro Focus Service Management Automation, Micro Focus Service Management Automation Suite, Micro Focus Service Manager Automation, Micro Focus Application Automation Tools Plugin, Mitsubishi-automation Mitsubishi MX Component, Moxa, Moxa 5232-N, Moxa ActiveX SDK, Moxa Active OPC Server, Moxa Camera VPort 06EC-2V, Moxa DACenter, Moxa Device Management, Moxa EDR-810, Moxa EDR-G902, Moxa EDR-G903, Moxa EDR 810, Moxa EDS, Moxa EDS-405A, Moxa EDS-408A, Moxa EDS-510A, Moxa EDS-G508E, Moxa EDS-G512E, Moxa EDS-G516E, Moxa G3100V2, Moxa IKS, Moxa IKS-G6824A, Moxa ioAdmin Configuration Utility, Moxa ioLogik, Moxa ioLogik 2500, Moxa ioLogik 2542-HSPA, Moxa ioLogik E2200, Moxa Ioxpress Configuration Utility, Moxa IOxpress Configuration Utility, Moxa MDM Tool, Moxa MGate 5105-MB-EIP, Moxa MGate MB3170, Moxa MGate MB3180, Moxa Mgate MB3180, Moxa MGate MB3270, Moxa MGate MB3280, Moxa MGate MB3480, Moxa MGate MB3660, Moxa MiiNePort, Moxa MX-AOPC Server, Moxa MXView, Moxa MXview Network Management, Moxa NPort, Moxa NPort 5110, Moxa NPort 5130, Moxa NPort 5150, Moxa NPort 5150A, Moxa NPort 5210, Moxa NPort 5230, Moxa NPort 5232, Moxa NPort IA5000A, Moxa NPort IA5150A, Moxa NPort IA5150A-IEX, Moxa NPort IA5150A-T, Moxa NPort IA5150A-T-IEX, Moxa NPort IA5150AI, Moxa NPort IA5150AI-IEX, Moxa NPort IA5150AI-T, Moxa NPort IA5150AI-T-IE, Moxa NPort IA5250A, Moxa NPort IA5250A-IEX, Moxa 
NPort IA5250A-T, Moxa NPort IA5250A-T-IEX, Moxa NPort IA5250AI, Moxa NPort IA5250AI-IEX, Moxa NPort IA5250AI-T, Moxa NPort IA5250AI-T-IE, Moxa NPort IA5450A, Moxa NPort IA5450A-T, Moxa NPort IA5450AI, Moxa NPort IA5450AI-T, Moxa NPort IAW5000A-IO, Moxa NPort W2x50A, Moxa NPort W2150A, Moxa NPort W2250A, Moxa OnCell, Moxa OnCell 5004, Moxa OnCell 5104, Moxa OnCell Central Manager, Moxa OnCell G3100-HSPA, Moxa OnCell G3110, Moxa OnCell G3111, Moxa OnCell G3150, Moxa OnCell G3151, Moxa OnCell G3211, Moxa OnCell G3251, Moxa OnCell G3470A-LTE, Moxa OnCell G3470A-LTE-EU, Moxa OnCell G3470A-LTE-EU-T, Moxa Oncell Gateway G3211, Moxa PT-7528, Moxa PT-7728, Moxa PT-7828, Moxa SoftCMS, Moxa SoftCMS Live Viewer, Moxa SoftNVR-IA Live Viewer, Moxa TAP-323-EU-CT-T, Moxa TAP-323-JP-CT-T, Moxa TAP-323-US-CT-T, Moxa ThingsPro, Moxa ThingsPro IIoT Gateway, Moxa UC-7408 LX-Plus, Moxa VPort 461, Moxa VPort ActiveX SDK, Moxa WAC-1001, Moxa WAC-1001-T, Moxa WAC-2004, Moxa WDR-3124A-EU, Moxa WDR-3124A-EU-T, Moxa WDR-3124A-US, Moxa WDR-3124A-US-T, Mulesoft, MuleSoft API Gateay, MuleSoft Mule Community Edition, MuleSoft Mule Enterprise Edition, Mulesoft API Gateway, mz-automation libIEC61850, MZ Automation lib60870.NET, NetApp OnCommand API Services, NetApp OnCommand Workflow Automation, NetApp Service Level Manager, NETxAutomation NETxEIB, Nortek Linear eMerge 50P, Nortek Linear eMerge 5000P, Nortek Linear eMerge E3, OnCommand Workflow Automation, Open Automation OPC Systems.NET, Open Build Service API, Opsware Network Automation System, Optimalpayments Neteller Direct Payment Api, Oracle API Gateway, Oracle Policy Automation, Oracle Policy Automation Connector for Siebel, Oracle Siebel Core - Automation, OSIsoft PI API, OSIsoft PI Asset Framework Client, OSIsoft PI Buffer Subsystem, OSIsoft PI Connector, OSIsoft PI Coresight, OSIsoft PI Data Archive, OSIsoft PI Data Collection Manager, OSIsoft PI Integrator for Business Analytics, OSIsoft PI Interface Configuration Utility, OSIsoft PI 
Software Development Kit, OSIsoft PI to OCS, OSIsoft PI Web API, OSIsoft PI Web API 2015 R2, OWASP Enterprise Security API, Panasonic Security API ActiveX SDK, Passbolt API, Persistent Systems Radia Client Automation, Phoenix Contact Classic Automation Worx Software Suite, PHP Scripts Mall API Based Travel Booking, Progress MOVEit Automation, Redgate SQL Change Automation Plugin, Redwood SAP Business Process Automation, Red Hat 3scale API Management Platform, Rockwell Automation Arena, Rockwell Automation Connected Components Workbench, Rockwell Automation FactoryTalk Activation, Rockwell Automation FactoryTalk Alarms, Rockwell Automation Integrated Architecture Builder, Rockwell Automation PanelView Plus, Rockwell Automation RSLogix Micro Starter Lite, Rockwell Events, Rockwell RSLogix 500 Professional Edition, Rockwell RSLogix 500 Standard Edition, Rockwell RSLogix 500 Starter Edition, Rockwell RSLogix Micro Developer, Rockwellautomation 1756-ENBT series A, Rockwellautomation Ab Micrologix Controller, Rockwellautomation Ab Micrologix Controller 1100, Rockwellautomation Armor Compact GuardLogix 5370, Rockwellautomation CompactLogix 5370 L1, Rockwellautomation CompactLogix 5370 L2, Rockwellautomation CompactLogix 5370 L3, Rockwellautomation Compact GuardLogix 5370, Rockwellautomation FactoryTalk, Rockwellautomation FactoryTalk Diagnostics Viewer, Rockwellautomation RSLinx Classic, Rockwellautomation RSLogix, Rockwell Automation 0x, Rockwell Automation 1747-L5x, Rockwell Automation 5000 Logix Designer, Rockwell Automation Arena Simulation Software, Rockwell Automation Arena Simulation Software Cat. 
9502-Ax, Rockwell Automation A Ethernet, Rockwell Automation CompactLogix 1768-EWEB, Rockwell Automation CompactLogix 5370 L1, Rockwell Automation CompactLogix 5370 L2, Rockwell Automation CompactLogix 5370 L3, Rockwell Automation CompactLogix GuardLogix, Rockwell Automation Connected Components Workbench, Rockwell Automation ControlFLASH, Rockwell Automation ControlFLASH Plus, Rockwell Automation Controllogix 1756-ENBT, Rockwell Automation Drives AOP, Rockwell Automation DriveTools SP, Rockwell Automation EtherNet-IP Web Server Module 1756-EWEB, Rockwell Automation FactoryTalk Asset Centre, Rockwell Automation FactoryTalk Diagnostics Viewer, Rockwell Automation FactoryTalk Linx, Rockwell Automation FactoryTalk Linx CommDTM, Rockwell Automation FactoryTalk Services Platform, Rockwell Automation FactoryTalk View SE, Rockwell Automation FactoryTalk View SEA, Rockwell Automation Flex IO, Rockwell Automation IP Bridge, Rockwell Automation Logix Designer Studio 5000, Rockwell Automation Micro800, Rockwell Automation MicroLogix 1100, Rockwell Automation MicroLogix 1400, Rockwell Automation PanelView 5510, Rockwell Automation PLC5, Rockwell Automation PowerFlex 525 AC Drives, Rockwell Automation RSLinx Classic, Rockwell Automation RSLinx Enterprise, Rockwell Automation RSLinx Enterprise Software, Rockwell Automation RSLogix 500, Rockwell Automation RSLogix 1785-Lx, Rockwell Automation RSLogix 5000, Rockwell Automation SLC5, Rockwell Automation Studio 5000 Launcher, Rockwell Automation Studio 5000 Logix Designer, Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L, Rockwell Automation Allen-Bradley Logix5000, Rockwell Automation Allen-Bradley MicroLogix, Rockwell Automation Allen-Bradley MicroLogix 1100, Rockwell Automation Allen-Bradley MicroLogix 1400, Rockwell Automation Allen-Bradley PowerMonitor 1000, Samsung Bluetooth API, Samsung RKP API, Schneider Electric Struxureware Building Operations Automation Server, Schneider Electric Touch Panel, Schneider 
Electric U.motion Builder, Schneider Electric U.motion Server, Search API Autocomplete Module, Secure Data Space SDS-API, service-api, Shipwire API Module, Siemens Automation License Manager, Siemens HomeControl for Room Automation, signotec signoPAD-API-Web, Softing Industrial Automation, SPBAS Business Automation Software, Sprecher Automation SPRECON-E Service Program, SQLi API, Storage API Module, Stripe API v1, Symantec Automated Support Assistant, Telos Automated Message Handling System, thinx-device-api IoT Device Management Server, Thomas Seidl Search API, TIBCO API Exchange Gateway, TIBCO API Exchange Gateway Distribution, TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Automation Services, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop Language Pack, TIBCO Spotfire Web Player Client, Trane Building Automation Controllers, Trend Micro Advanced Threat Scan Engine, Trend Micro Visua Scan API, uControl Smart Home Automation, VMware Identity Manager, VMware vCloud Automation Center, VMware VIX API, VMware vRealize Automation, VMware vRealize Operations Manager API, VMware vRealize Automation Plugin, W3C High Resolution Time API, Webhost Automation Helm Control Panel, Webhost Automation Helm Web Hosting Control Panel, WebHost Automation Host, WSO2 API manager, WSO2 API Manager, WSO2 API Manager Analytics, WSO2 API Microgateway, WSO2 Data Analytics Server, WSO2 Enterprise Integrator, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 IoT Server, WSO2 IS as Key Manager, Xstream API, ZIV Automation 4CCT-EA6-334126BF

| Published | Base | Temp | Vulnerability | Product | Exploit | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 10/23/2021 | 4.4 | 4.4 | IBM Business Automation Workflow Web UI cross site scripting | Business Automation Workflow | Not Defined | Official Fix | 0.36 | CVE-2021-29835 |
| 10/22/2021 | 4.9 | 4.8 | Trane Building Automation Controllers Form cross site scripting | Building Automation Controllers | Not Defined | Not Defined | 0.14 | CVE-2021-42534 |
| 10/22/2021 | 3.5 | 3.4 | Automated Logic WebCTRL/WebCTRL OEM Login Portal cross site scripting | WebCTRL/WebCTRL OEM | Not Defined | Not Defined | 0.50 | CVE-2021-31682 |
| 10/19/2021 | 7.5 | 7.2 | Oracle Siebel Core - Automation Eclipse Jetty denial of service | Siebel Core - Automation | Not Defined | Official Fix | 0.00 | CVE-2021-28165 |
| 10/18/2021 | 4.4 | 4.4 | IBM Business Automation Workflow Web UI cross site scripting | Business Automation Workflow | Not Defined | Official Fix | 0.00 | CVE-2021-29878 |
| 10/18/2021 | 7.0 | 6.9 | Fatek Automation WinProladder Project File heap-based overflow | Automation WinProladder | Not Defined | Not Defined | 0.00 | CVE-2021-38442 |
| 10/18/2021 | 3.8 | 3.8 | Fatek Automation WinProladder out-of-bounds read | Automation WinProladder | Not Defined | Not Defined | 0.00 | CVE-2021-38440 |
| 10/18/2021 | 7.0 | 6.9 | Fatek Automation WinProladder Project File memory corruption | Automation WinProladder | Not Defined | Not Defined | 0.07 | CVE-2021-38436 |
| 10/18/2021 | 7.0 | 6.9 | Fatek Automation WinProladder Project File numeric error | Automation WinProladder | Not Defined | Not Defined | 0.00 | CVE-2021-38434 |
| 10/18/2021 | 7.0 | 6.9 | Fatek Automation WinProladder Project File stack-based overflow | Automation WinProladder | Not Defined | Not Defined | 0.08 | CVE-2021-38430 |
| 10/18/2021 | 7.0 | 6.9 | Fatek Automation WinProladder Project File out-of-bounds write | Automation WinProladder | Not Defined | Not Defined | 0.00 | CVE-2021-38426 |
| 10/18/2021 | 7.0 | 6.9 | Fatek Automation WinProladder Project File use after free | Automation WinProladder | Not Defined | Not Defined | 0.00 | CVE-2021-38438 |
| 10/15/2021 | 9.8 | 9.6 | Fatek Automation Communication Server stack-based overflow | Automation Communication Server | Not Defined | Not Defined | 0.00 | CVE-2021-38432 |
| 10/12/2021 | 5.6 | 5.5 | Moxa MXview Network Management cleartext transmission | MXview Network Management | Not Defined | Not Defined | 0.05 | CVE-2021-38460 |
| 10/12/2021 | 8.5 | 8.4 | Moxa MXview Network Management injection | MXview Network Management | Not Defined | Not Defined | 0.05 | CVE-2021-38458 |
| 10/12/2021 | 7.5 | 7.4 | Moxa MXview Network Management hard-coded password | MXview Network Management | Not Defined | Not Defined | 0.00 | CVE-2021-38456 |
| 10/12/2021 | 8.6 | 8.5 | Moxa MXview Network Management access control | MXview Network Management | Not Defined | Not Defined | 0.00 | CVE-2021-38454 |
| 10/12/2021 | 7.4 | 7.3 | Moxa MXview Network Management path traversal | MXview Network Management | Not Defined | Not Defined | 0.00 | CVE-2021-38452 |
| 09/10/2021 | 4.2 | 4.1 | Samsung Bluetooth API information disclosure | Bluetooth API | Not Defined | Official Fix | 0.05 | CVE-2021-25453 |
| 09/08/2021 | 6.3 | 6.3 | Micro Focus Network Automation improper authentication | Network Automation | Not Defined | Not Defined | 0.00 | CVE-2021-38123 |
| 09/07/2021 | 3.5 | 3.4 | Moxa WAC-2004 Config Import Menu cross site scripting | WAC-2004/WAC-1001/WAC-1001-T/OnCell G3470A-LTE-EU/OnCell G3470A-LTE-EU-T/TAP-323-EU-CT-T/TAP-323-US-CT-T/TAP-323-JP-CT-T/WDR-3124A-EU/WDR-3124A-EU-T/WDR-3124A-US/WDR-3124A-US-T | Not Defined | Not Defined | 0.00 | CVE-2021-39278 |
| 09/07/2021 | 5.5 | 5.5 | Moxa WAC-2004 web_importTFTP command injection | WAC-2004/WAC-1001/WAC-1001-T/OnCell G3470A-LTE-EU/OnCell G3470A-LTE-EU-T/TAP-323-EU-CT-T/TAP-323-US-CT-T/TAP-323-JP-CT-T/WDR-3124A-EU/WDR-3124A-EU-T/WDR-3124A-US/WDR-3124A-US-T | Not Defined | Not Defined | 0.06 | CVE-2021-39279 |
| 08/31/2021 | 6.3 | 6.3 | Code Coverage API Plugin Java Object deserialization | Code Coverage API Plugin | Not Defined | Not Defined | 0.05 | CVE-2021-21677 |
| 08/31/2021 | 6.3 | 6.0 | VMware vRealize Operations Manager API access control | vRealize Operations Manager API | Not Defined | Official Fix | 0.00 | CVE-2021-22025 |
| 08/31/2021 | 4.3 | 4.1 | VMware vRealize Operations Manager API Object Reference Privilege Escalation | vRealize Operations Manager API | Not Defined | Official Fix | 0.00 | CVE-2021-22023 |
