Automation Software Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

IBM API Connect: 71
WSO2 API Manager: 30
Schneider Electric U.motion Builder: 26
IBM Robotic Process Automation: 24
GNU wget: 21

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 396
Temporary Fix: 0
Workaround: 35
Unavailable: 6
Not Defined: 633

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 14
Functional: 1
Proof-of-Concept: 55
Unproven: 8
Not Defined: 992

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 7
Local: 93
Adjacent: 82
Network: 888

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 43
Low: 327
None: 700

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 263
None: 807

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 14
≤4: 82
≤5: 122
≤6: 198
≤7: 265
≤8: 192
≤9: 129
≤10: 68

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 15
≤4: 85
≤5: 141
≤6: 212
≤7: 263
≤8: 167
≤9: 125
≤10: 62

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 1
≤3: 29
≤4: 143
≤5: 152
≤6: 232
≤7: 177
≤8: 232
≤9: 41
≤10: 63

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 2
≤4: 16
≤5: 42
≤6: 83
≤7: 107
≤8: 194
≤9: 92
≤10: 155

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 2
≤4: 1
≤5: 14
≤6: 17
≤7: 12
≤8: 45
≤9: 16
≤10: 26

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 1
≤6: 3
≤7: 3
≤8: 5
≤9: 2
≤10: 5

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 1
≤9: 0
≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k: 180
<2k: 258
<5k: 359
<10k: 124
<25k: 129
<50k: 12
<100k: 5
≥100k: 3

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 731
<2k: 139
<5k: 95
<10k: 75
<25k: 29
<50k: 0
<100k: 1
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are accumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (550): 3scale API Management, Adobe Stock API, Allround Automations PL-SQL Developer, Amazon Elastic Load Balancing API Tools, American Auto-Matrix Aspect-Matrix Building Automation Front-End, American Auto-Matrix Aspect-Nexus Building Automation Front-End, Andrew Sterling Hanenkamp Rest API module, Apache Sling API, Apache Sling Commons Log, Apache Sling Servlets Post, Apache Sling XSS Protection API, API Platform, Apple Exposure Notification API, AutomatedShops WebC.cgi, Automatedsolutions Modbus, Automatedsolutions TCP Master OPC Server, Automated Logic WebCTRL, Automated Logic WebCTRL OEM, Automated Logic WebCtrl Server, Automated Solutions Modbus Slave ActiveX Control, Automation, automationbroker apb, AutomationDirect C-More Micro, AutomationDirect C-More Programming Software, AutomationDirect CLICK Programming Software, AutomationDirect DirectLOGIC, AutomationDirect GS Drives Configuration Software, AutomationDirect SIO-MB04ADS, AutomationDirect SIO-MB04DAS, AutomationDirect SIO-MB04RTDS, AutomationDirect SIO-MB04THMS, AutomationDirect SIO-MB08ADS-1, AutomationDirect SIO-MB08ADS-2, AutomationDirect SIO-MB08THMS, AutomationDirect SIO-MB12CDR, AutomationDirect SIO-MB16CDD2, AutomationDirect SIO-MB16ND3, AutomationDirect SL-SOFT SOLO, Automation Anywhere Automation 360, Automation Direct CLICK PLC CPU, Automation License Manager, Bitpay Insight-api, Blue Prism Robotic Process Automation, BMC BladeLogic Server Automation, BMC Server Automation, Broadcom CA Automic Automation, B&R Automation Runtime, B&R Automation Studio, B&R Industrial Automation APROL, CA API Developer Portal, CA API Gateway, CA Automic Workload Automation, CA Client Automation, CA Release Automation, CA Workload Automation AE, CASAP Automated Enrollment System, Cisco Business Process Automation, Cisco Cloud Network Automation Provisioner, Cisco Crosswork Change Automation, Cisco Tidal Enterprise Scheduler, Cisco Umbrella API, Cisco Workload Automation, CloudForms API, Cmsnx 
Automated Link Exchange Portal, CODESYS Automation Server, Code Coverage API Plugin, Compuware zAdviser API Plugin, Cortexa Automation 7202 Home Automation Controller, CVE Services API, DataFeedFile Dff Framework Api, Delta Electronics Automation TPEditor, Delta Electronics Delta Industrial Automation DOPSoft, Delta Electronics Delta Industrial Automation PMSoft, Delta Electronics Delta Industrial Automation Screen Editor, Delta Electronics Delta Robot Automation Studio, Delta Electronics Industrial Automation COMMGR, Delta Electronics Industrial Automation Screen Editor, Delta Industrial Automation CNCSoft, Delta Industrial Automation CNCSoft-B, Delta Industrial Automation CNCSoft ScreenEditor, Delta Industrial Automation DIAEnergie, Delta Industrial Automation DIALink, Delta Industrial Automation DOPSoft, Delta Industrial Automation TPEditor, Dillon Kane Tidal Workload Automation Agent, Divante storefront-api, Divante vue-storefront-api, Dolby Audio X2 API, Dolby DAX2 API, ECharts API Plugin, eGain Web Email API 11+, EMC RSA Authentication Agent API, EMC RSA Authentication Agent SDK, EMC RSA Authentication API, Emerson GE Automation Proficy Machine Edition, Emmanuel MyDomoAtHome REST API Domoticz ISS Gateway, Entity Api, Entity API module, Fatek Automation Communication Server, Fatek Automation FV Designer, Fatek Automation PLC Ethernet Module, Fatek Automation PM Designer V3, Fatek Automation WinProladder, Fortinet FortiDDoS API, GNU wget, Google API Search, Google Exposure Notification API, Google Sign-In with Google API C++ Client, Gravitee API Management, Greyware Automation Products Domain Time II, Harbor API, Hirschmann Automation Control HiOS, Hirschmann Automation HiSecOS, Hitachi Automation Director, Hitachi Command Suite, HM Courts & Tribunals ccd-data-store-api, HomeAutomation, Horner Automation Cscape, Horner Automation Cscape Csfont, Horner Automation Cscape EnvisionRV, HP Business Service Automation Essentials, HP Client Automation Enterprise, HP 
Client Automation Enterprise Infrastructure, HP Continuous Delivery Automation, HP Database, HP Middleware Automation, HP Network Automation, HP Persistent Accelerite Radia Client Automation, HP Radia Client Automation, HPE StorageWorks XP7 Automation Director, HPE Universal API Framework, IBM API Connect, IBM API Connect Developer Portal, IBM API Management, IBM Business Automation Content Analyzer on Cloud, IBM Business Automation Workflow, IBM Case Manager, IBM Cloud Automation Manager, IBM Cloud Pak for Automation, IBM Rational Automation Framework, IBM Robotic Process Automation, IBM Robotic Process Automation with Automation Anywhere, IBM Runbook Automation, IBM Tivoli Service Automation Manager, IBM Tivoli Workload Automation for AIX, IBM Workload Automation, IDAutomation PDF417 Barcode, ID Automation Linear Barcode, Igniterealtime Smack Api, Inductive Automation Ignition, Inductive Automation Ignition, Infinite Automation Mango Automation, Infinite Automation Systems Mango Automation, Intel Crypto API Toolkit, iPack SCADA Automation Software, JavaScript WebGL API, Karotz API, Lanling OA Landray Office Automation, larvitbase-api, LAVA Linaro Automated Validation Architecture, Liebert MultiLink Automated Shutdown, Linaro Automated Validation Architecture, Luxas98 logstash-management-api, Mathijs Koenraadt Search API Sorts, Microsoft Power Apps, Microsoft Power Automate, Microsoft Power BI, Micro Focus Data Center Automation Containerized Suite, Micro Focus Hybrid Cloud Management Containerized Suite, Micro Focus Network Automation, Micro Focus Network Operations Management Suite, Micro Focus Operations Bridge Containerized Suite, Micro Focus Secure API Manager, Micro Focus Service Management Automation, Micro Focus Service Management Automation Suite, Micro Focus Service Manager Automation, Micro Focus Application Automation Tools Plugin, Mitsubishi-automation Mitsubishi MX Component, Mitsubishi Electric Factory Automation, Mitsubishi Electric Factory 
Automation Engineering, Moxa, Moxa 5232-N, Moxa ActiveX SDK, Moxa Active OPC Server, Moxa AIG-300, Moxa Camera VPort 06EC-2V, Moxa DA-662C-16-LX, Moxa DACenter, Moxa Device Management, Moxa EDR-810, Moxa EDR-G902, Moxa EDR-G903, Moxa EDR 810, Moxa EDS, Moxa EDS-405A, Moxa EDS-408A, Moxa EDS-510A, Moxa EDS-G508E, Moxa EDS-G512E, Moxa EDS-G516E, Moxa G3100V2, Moxa IAW5000A, Moxa IKS, Moxa IKS-G6824A, Moxa ioAdmin Configuration Utility, Moxa ioLogik, Moxa ioLogik 2500, Moxa ioLogik 2542-HSPA, Moxa ioLogik E2200, Moxa IOxpress Configuration Utility, Moxa Ioxpress Configuration Utility, Moxa MDM Tool, Moxa MGate 5101-PBM-MN, Moxa MGate 5105-MB-EIP, Moxa MGate 5109, Moxa MGate MB3170, Moxa MGate MB3180, Moxa Mgate MB3180, Moxa MGate MB3270, Moxa MGate MB3280, Moxa MGate MB3480, Moxa MGate MB3660, Moxa MiiNePort, Moxa MX-AOPC Server, Moxa MXView, Moxa MXview Network Management, Moxa NPort, Moxa NPort 5110, Moxa NPort 5130, Moxa NPort 5150, Moxa NPort 5150A, Moxa NPort 5210, Moxa NPort 5230, Moxa NPort 5232, Moxa NPort IA5000A, Moxa NPort IA5150A, Moxa NPort IA5150A-IEX, Moxa NPort IA5150A-T, Moxa NPort IA5150A-T-IEX, Moxa NPort IA5150AI, Moxa NPort IA5150AI-IEX, Moxa NPort IA5150AI-T, Moxa NPort IA5150AI-T-IE, Moxa NPort IA5250A, Moxa NPort IA5250A-IEX, Moxa NPort IA5250A-T, Moxa NPort IA5250A-T-IEX, Moxa NPort IA5250AI, Moxa NPort IA5250AI-IEX, Moxa NPort IA5250AI-T, Moxa NPort IA5250AI-T-IE, Moxa NPort IA5450A, Moxa NPort IA5450A-T, Moxa NPort IA5450AI, Moxa NPort IA5450AI-T, Moxa NPort IAW5000A, Moxa NPort IAW5000A-IO, Moxa NPort W2x50A, Moxa NPort W2150A, Moxa NPort W2250A, Moxa OnCell, Moxa OnCell 5004, Moxa OnCell 5104, Moxa OnCell Central Manager, Moxa OnCell G3100-HSPA, Moxa OnCell G3110, Moxa OnCell G3111, Moxa OnCell G3150, Moxa OnCell G3151, Moxa OnCell G3211, Moxa OnCell G3251, Moxa OnCell G3470A-LTE, Moxa OnCell G3470A-LTE-EU, Moxa OnCell G3470A-LTE-EU-T, Moxa Oncell Gateway G3211, Moxa PT-7528, Moxa PT-7728, Moxa PT-7828, Moxa SoftCMS, Moxa SoftCMS Live 
Viewer, Moxa SoftNVR-IA Live Viewer, Moxa TAP-323-EU-CT-T, Moxa TAP-323-JP-CT-T, Moxa TAP-323-US-CT-T, Moxa ThingsPro, Moxa ThingsPro IIoT Gateway, Moxa TN-5900, Moxa UC-2100, Moxa UC-2100-W, Moxa UC-3100, Moxa UC-5100, Moxa UC-7408 LX-Plus, Moxa UC-8100, Moxa UC-8100-ME-T, Moxa UC-8100A-ME-T, Moxa UC-8200, Moxa UC-8410A, Moxa UC-8540, Moxa UC-8580, Moxa VPort 461, Moxa VPort ActiveX SDK, Moxa WAC-1001, Moxa WAC-1001-T, Moxa WAC-2004, Moxa WDR-3124A-EU, Moxa WDR-3124A-EU-T, Moxa WDR-3124A-US, Moxa WDR-3124A-US-T, Mulesoft, MuleSoft API Gateay, MuleSoft Mule Community Edition, MuleSoft Mule Enterprise Edition, Mulesoft API Gateway, mz-automation libIEC61850, MZ Automation lib60870.NET, MZ Automation libiec61850, MZ Automation libIEC61850, MZ Automation LibIEC61850, NetApp OnCommand API Services, NetApp OnCommand Workflow Automation, NetApp Service Level Manager, NETxAutomation NETxEIB, Nortek Linear eMerge 50P, Nortek Linear eMerge 5000P, Nortek Linear eMerge E3, Nortek Linear E3, Nortek Linear eMerge E3, OnCommand Workflow Automation, Openmoney API, Open Automation OAS, Open Automation OPC Systems.NET, Open Build Service API, Opsware Network Automation System, Optimalpayments Neteller Direct Payment Api, Oracle API Gateway, Oracle Policy Automation, Oracle Policy Automation Connector for Siebel, Oracle Siebel Core-Automation, Oracle Siebel Core - Automation, OSIsoft PI API, OSIsoft PI Asset Framework Client, OSIsoft PI Buffer Subsystem, OSIsoft PI Connector, OSIsoft PI Coresight, OSIsoft PI Data Archive, OSIsoft PI Data Collection Manager, OSIsoft PI Integrator for Business Analytics, OSIsoft PI Interface Configuration Utility, OSIsoft PI Software Development Kit, OSIsoft PI to OCS, OSIsoft PI Web API, OSIsoft PI Web API 2015 R2, OWASP Enterprise Security API, Panasonic Security API ActiveX SDK, Passbolt API, Persistent Systems Radia Client Automation, Phoenix Contact Automation Worx Software Suite, Phoenix Contact Classic Automation Worx Software Suite, Phoenix 
Contact PC Worx Automation Suite, PHP Scripts Mall API Based Travel Booking, Pipeline SCM API for Blue Ocean Plugin, Progress MOVEit Automation, Redgate SQL Change Automation Plugin, Redwood SAP Business Process Automation, Red Hat 3scale API Management, Red Hat 3scale API Management Platform, Red Hat Ansible Automation Platform, Red Hat Ansible Tower, Red Hat Decision Manager, Red Hat Process Automation, Red Hat Process Automation Manager, Rockwell Automation Arena, Rockwell Automation Connected Components Workbench, Rockwell Automation FactoryTalk Activation, Rockwell Automation FactoryTalk Alarms, Rockwell Automation Integrated Architecture Builder, Rockwell Automation PanelView Plus, Rockwell Automation RSLogix Micro Starter Lite, Rockwell Events, Rockwell RSLogix 500 Professional Edition, Rockwell RSLogix 500 Standard Edition, Rockwell RSLogix 500 Starter Edition, Rockwell RSLogix Micro Developer, Rockwellautomation 1756-ENBT series A, Rockwellautomation Ab Micrologix Controller, Rockwellautomation Ab Micrologix Controller 1100, Rockwellautomation Armor Compact GuardLogix 5370, Rockwellautomation CompactLogix 5370 L1, Rockwellautomation CompactLogix 5370 L2, Rockwellautomation CompactLogix 5370 L3, Rockwellautomation Compact GuardLogix 5370, Rockwellautomation FactoryTalk, Rockwellautomation FactoryTalk Diagnostics Viewer, Rockwellautomation RSLinx Classic, Rockwellautomation RSLogix, Rockwell Automation 0x, Rockwell Automation 1734-AENTR Series B, Rockwell Automation 1734-AENTR Series C, Rockwell Automation 1747-L5x, Rockwell Automation 1768 CompactLogix, Rockwell Automation 1769 CompactLogix, Rockwell Automation 5000 Logix Designer, Rockwell Automation Arena Simulation Software, Rockwell Automation Arena Simulation Software Cat. 
9502-Ax, Rockwell Automation Automation Connected Components Workbench, Rockwell Automation A Ethernet, Rockwell Automation CompactLogix 1768-EWEB, Rockwell Automation CompactLogix 5370, Rockwell Automation CompactLogix 5370 L1, Rockwell Automation CompactLogix 5370 L2, Rockwell Automation CompactLogix 5370 L3, Rockwell Automation CompactLogix 5380, Rockwell Automation CompactLogix 5480, Rockwell Automation CompactLogix GuardLogix, Rockwell Automation Compact GuardLogix 5370, Rockwell Automation Compact GuardLogix 5380, Rockwell Automation Connected Components Workbench, Rockwell Automation Connected Component Workbench, Rockwell Automation ControlFLASH, Rockwell Automation ControlFLASH Plus, Rockwell Automation Controllogix 1756-ENBT, Rockwell Automation ControlLogix 5550, Rockwell Automation ControlLogix 5560, Rockwell Automation ControlLogix 5570, Rockwell Automation ControlLogix 5580, Rockwell Automation DriveLogix 5730, Rockwell Automation Drives AOP, Rockwell Automation DriveTools SP, Rockwell Automation EtherNet-IP Web Server Module 1756-EWEB, Rockwell Automation FactoryTalk, Rockwell Automation FactoryTalk AssetCentre, Rockwell Automation FactoryTalk Asset Centre, Rockwell Automation FactoryTalk Diagnostics Viewer, Rockwell Automation FactoryTalk Linx, Rockwell Automation FactoryTalk Linx CommDTM, Rockwell Automation FactoryTalk Services Platform, Rockwell Automation FactoryTalk VantagePoint, Rockwell Automation FactoryTalk View SE, Rockwell Automation FactoryTalk View SEA, Rockwell Automation FlexLogix 1794-L34, Rockwell Automation Flex IO, Rockwell Automation GuardLogix 5560, Rockwell Automation GuardLogix 5570, Rockwell Automation GuardLogix 5580, Rockwell Automation IP Bridge, Rockwell Automation ISaGRAF, Rockwell Automation ISaGRAF Runtime, Rockwell Automation ISaGRAF Workbench, Rockwell Automation Logix Controllers, Rockwell Automation Logix Designer Studio 5000, Rockwell Automation Micro800, Rockwell Automation MicroLogix 1100, Rockwell Automation 
MicroLogix 1400, Rockwell Automation PanelView 5510, Rockwell Automation PLC5, Rockwell Automation PowerFlex 525 AC Drives, Rockwell Automation RSLinx Classic, Rockwell Automation RSLinx Enterprise, Rockwell Automation RSLinx Enterprise Software, Rockwell Automation RSLogix 500, Rockwell Automation RSLogix 1785-Lx, Rockwell Automation RSLogix 5000, Rockwell Automation Safety Instrumented Systems Workstation, Rockwell Automation SLC5, Rockwell Automation SoftLogix 5800, Rockwell Automation Studio 5000 Launcher, Rockwell Automation Studio 5000 Logix Designer, Rockwell Automation ThinManager ThinServer, Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L, Rockwell Automation Allen-Bradley Logix5000, Rockwell Automation Allen-Bradley MicroLogix, Rockwell Automation Allen-Bradley MicroLogix 1100, Rockwell Automation Allen-Bradley MicroLogix 1400, Rockwell Automation Allen-Bradley PowerMonitor 1000, Samsung Bluetooth API, Samsung RKP API, sanojtharindu caretakerr-api, SAP Business one License Service API, Schneider Electric Struxureware Building Operations Automation Server, Schneider Electric Touch Panel, Schneider Electric U.motion Builder, Schneider Electric U.motion Server, Search API Autocomplete Module, Secure Data Space SDS-API, service-api, Shipwire API Module, Siemens Automation License Manager, Siemens HomeControl for Room Automation, signotec signoPAD-API-Web, Softing Industrial Automation, SPBAS Business Automation Software, Sprecher Automation SPRECON-E Service Program, SQLi API, sravaniboinepelli AutomatedQuizEval, Storage API Module, Stripe API v1, Symantec Automated Support Assistant, Symantec Layer7 API Management OAuth Toolkit, Telos Automated Message Handling System, thinx-device-api IoT Device Management Server, Thomas Seidl Search API, TIBCO API Exchange Gateway, TIBCO API Exchange Gateway Distribution, TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS 
Marketplace, TIBCO Spotfire Automation Services, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop Language Pack, TIBCO Spotfire Web Player Client, Trane Building Automation Controllers, Trend Micro Advanced Threat Scan Engine, Trend Micro Visua Scan API, uControl Smart Home Automation, Unified Automation OPC UA C++, UniverSIS API, Vmware Cloud Foundation, VMware Connectors, VMware Identity Manager, Vmware Identity Manager, VMware vCloud Automation Center, VMware VIX API, VMware vRealize Automation, Vmware vRealize Automation, VMware vRealize Operations Manager API, Vmware vRealize Suite Lifecycle Manager, VMware Workspace ONE Access, Vmware Workspace ONE Access, VMware vRealize Automation Plugin, W3C High Resolution Time API, Webhost Automation Helm Control Panel, Webhost Automation Helm Web Hosting Control Panel, WebHost Automation Host, WSO2 API Manager, WSO2 API manager, WSO2 API Manager Analytics, WSO2 API Microgateway, WSO2 Data Analytics Server, WSO2 Enterprise Integrator, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 Identity Server as Key Manager, WSO2 IoT Server, WSO2 IS as Key Manager, WSO2 WSO2 Micro Integrator, Xstream API, Yordam Library Information Document Automation, Yordam Bilgi Teknolojileri University Library Automation System, ZIV Automation 4CCT-EA6-334126BF

| Published | Base | Temp | Vulnerability | Product | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 12/02/2022 | 7.2 | 7.0 | Delta Industrial Automation DIALink path traversal | DIALink | Not Defined | Official Fix | 1.42 | CVE-2022-2969 |
| 11/24/2022 | 8.8 | 8.4 | Moxa UC-8100A-ME-T unnecessary privileges | UC-8100A-ME-T/UC-2100/UC-2100-W/UC-3100/UC-5100/UC-8100/UC-8100-ME-T/UC-8100A-ME-T/UC-8200/AIG-300/UC-8410A/UC-8580/UC-8540/DA-662C-16-LX | Not Defined | Official Fix | 0.00 | CVE-2022-3088 |
| 11/19/2022 | 4.3 | 4.1 | Linaro Automated Validation Architecture XMLRPC Request resource consumption | Linaro Automated Validation Architecture | Not Defined | Official Fix | 0.03 | CVE-2022-44641 |
| 11/19/2022 | 6.3 | 6.0 | Linaro Automated Validation Architecture REST API Privilege Escalation | Linaro Automated Validation Architecture | Not Defined | Official Fix | 0.07 | CVE-2022-45132 |
| 11/17/2022 | 4.4 | 4.4 | IBM Business Automation Workflow Web UI cross site scripting | Business Automation Workflow | Not Defined | Official Fix | 0.06 | CVE-2022-38390 |
| 11/17/2022 | 3.1 | 3.0 | Microsoft Power Automate/Power Apps/Power BI SAS URI information disclosure | Power Automate/Power Apps/Power BI | Proof-of-Concept | Unavailable | 0.07 | |
| 11/15/2022 | 6.0 | 6.0 | Phoenix Contact Automation Worx Software Suite out-of-bounds | Automation Worx Software Suite | Not Defined | Not Defined | 0.03 | CVE-2022-3737 |
| 11/15/2022 | 7.0 | 6.9 | Phoenix Contact Automation Worx Software Suite File heap-based overflow | Automation Worx Software Suite | Not Defined | Not Defined | 0.00 | CVE-2022-3461 |
| 11/13/2022 | 5.5 | 5.3 | MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal | libiec61850 | Not Defined | Official Fix | 0.89 | CVE-2022-3976 |
| 11/04/2022 | 6.3 | 6.0 | IBM Robotic Process Automation Configuration permission | Robotic Process Automation | Not Defined | Official Fix | 0.10 | CVE-2022-43574 |
| 11/04/2022 | 4.3 | 4.1 | IBM Robotic Process Automation Mail Address information disclosure | Robotic Process Automation | Not Defined | Official Fix | 0.03 | CVE-2022-42442 |
| 11/04/2022 | 4.3 | 4.1 | IBM Robotic Process Automation information disclosure | Robotic Process Automation | Not Defined | Official Fix | 0.03 | CVE-2022-38710 |
| 11/04/2022 | 4.3 | 4.1 | IBM Business Automation Workflow information disclosure | Business Automation Workflow | Not Defined | Official Fix | 0.06 | CVE-2022-35279 |
| 10/27/2022 | 5.0 | 5.0 | Yordam Library Information Document Automation cross site scripting | Library Information Document Automation | Not Defined | Official Fix | 0.05 | CVE-2021-45476 |
| 10/27/2022 | 6.4 | 6.4 | Rockwell Automation FactoryTalk Alarm/Events Service improper authentication | FactoryTalk | Not Defined | Not Defined | 0.00 | CVE-2022-38744 |
| 10/27/2022 | 6.0 | 6.0 | Yordam Library Information Document Automation information disclosure | Library Information Document Automation | Not Defined | Official Fix | 0.03 | CVE-2021-45475 |
| 10/20/2022 | 6.1 | 6.1 | Red Hat 3scale API Management improper validation framework | 3scale API Management | Not Defined | Not Defined | 0.03 | CVE-2022-1414 |
| 10/19/2022 | 7.6 | 7.5 | Oracle Siebel Core-Automation Keyword Automation denial of service | Siebel Core-Automation | Not Defined | Official Fix | 0.07 | CVE-2022-25647 |
| 10/18/2022 | 5.3 | 5.1 | Unified Automation OPC UA C++ denial of service | OPC UA C++ | Not Defined | Official Fix | 0.13 | CVE-2022-37013 |
| 10/18/2022 | 5.3 | 5.1 | Unified Automation OPC UA C++ denial of service | OPC UA C++ | Not Defined | Official Fix | 0.03 | CVE-2022-37012 |
| 10/18/2022 | 7.1 | 7.1 | Red Hat Decision Manager/Process Automation Business Central Console permissions | Decision Manager/Process Automation | Not Defined | Not Defined | 0.04 | CVE-2019-14841 |
| 10/18/2022 | 5.5 | 5.5 | Red Hat Decision Manager/Process Automation insufficiently protected credentials | Decision Manager/Process Automation | Not Defined | Not Defined | 0.09 | CVE-2019-14840 |
| 10/13/2022 | 7.5 | 7.4 | LAVA Linaro Automated Validation Architecture lava-server-gunicorn Service lavatable.py Privilege Escalation | Linaro Automated Validation Architecture | Not Defined | Official Fix | 0.07 | CVE-2022-42902 |
| 10/06/2022 | 6.3 | 6.0 | Rockwell Automation FactoryTalk VantagePoint sql injection | FactoryTalk VantagePoint | Not Defined | Official Fix | 0.08 | CVE-2022-3158 |
| 10/06/2022 | 7.5 | 7.4 | Rockwell Automation FactoryTalk VantagePoint SQL access control | FactoryTalk VantagePoint | Not Defined | Official Fix | 0.03 | CVE-2022-38743 |
| 10/06/2022 | 6.4 | 6.3 | IBM Robotic Process Automation Bot API unknown vulnerability | Robotic Process Automation | Not Defined | Official Fix | 0.03 | CVE-2022-41294 |
| 10/06/2022 | 5.5 | 5.4 | IBM Robotic Process Automation Web UI cross site scripting | Robotic Process Automation | Not Defined | Official Fix | 0.92 | CVE-2022-38709 |
| 10/06/2022 | 5.2 | 5.1 | IBM Robotic Process Automation Client Proxy Configuration channel accessible | Robotic Process Automation | Not Defined | Official Fix | 0.04 | CVE-2022-36774 |
| 10/06/2022 | 5.5 | 5.4 | IBM Robotic Process Automation clickjacking | Robotic Process Automation | Not Defined | Official Fix | 0.29 | CVE-2022-22503 |
| 10/05/2022 | 6.3 | 6.0 | Horner Automation Cscape FNT File uninitialized pointer | Cscape | Not Defined | Official Fix | 0.07 | CVE-2022-3377 |
| 10/05/2022 | 7.0 | 6.9 | Horner Automation Cscape FNT File uninitialized pointer | Cscape | Not Defined | Official Fix | 0.07 | CVE-2022-3378 |
| 10/05/2022 | 7.0 | 6.8 | Horner Automation Cscape FNT File out-of-bounds write | Cscape | Not Defined | Official Fix | 0.06 | CVE-2022-3379 |
| 09/30/2022 | 5.5 | 5.4 | IBM Robotic Process Automation Upgrade Log log file | Robotic Process Automation | Not Defined | Official Fix | 0.04 | CVE-2022-39168 |
| 09/24/2022 | 8.7 | 8.7 | Rockwell Automation ThinManager ThinServer TFTP heap-based overflow | ThinManager ThinServer | Not Defined | Not Defined | 0.04 | CVE-2022-38742 |
| 09/23/2022 | 5.2 | 5.1 | Yordam Bilgi Teknolojileri University Library Automation System cross site scripting | University Library Automation System | Not Defined | Official Fix | 0.03 | CVE-2022-2266 |
| 09/16/2022 | 9.8 | 9.6 | Delta Industrial Automation DIAEnergie hard-coded credentials | DIAEnergie | Not Defined | Official Fix | 0.03 | CVE-2022-3214 |
| 09/10/2022 | 7.9 | 7.8 | MZ Automation libIEC61850 null pointer dereference | libIEC61850 | Not Defined | Official Fix | 0.03 | CVE-2022-2973 |
| 09/10/2022 | 7.5 | 7.2 | MZ Automation libIEC61850 type confusion | libIEC61850 | Not Defined | Official Fix | 0.03 | CVE-2022-2971 |
| 09/10/2022 | 9.9 | 9.7 | MZ Automation libIEC61850 stack-based overflow | libIEC61850 | Not Defined | Official Fix | 0.03 | CVE-2022-2972 |
| 09/10/2022 | 9.9 | 9.7 | MZ Automation libIEC61850 memcpy stack-based overflow | libIEC61850 | Not Defined | Official Fix | 0.00 | CVE-2022-2970 |
| 09/01/2022 | 8.3 | 8.1 | AutomationDirect DirectLOGIC Installation uncontrolled search path | DirectLOGIC | Not Defined | Official Fix | 0.05 | CVE-2022-2006 |
| 09/01/2022 | 7.5 | 7.3 | AutomationDirect DirectLOGIC Packet resource consumption | DirectLOGIC | Not Defined | Official Fix | 0.00 | CVE-2022-2004 |
| 09/01/2022 | 7.9 | 7.8 | AutomationDirect DirectLOGIC CPU Serial Port cleartext transmission | DirectLOGIC | Not Defined | Official Fix | 0.00 | CVE-2022-2003 |
| 08/26/2022 | 8.0 | 7.9 | Nortek Linear eMerge E3 ReaderNo os command injection | eMerge E3 | Not Defined | Official Fix | 0.05 | CVE-2022-31499 |
| 08/26/2022 | 7.2 | 7.1 | Nortek Linear E3 test.txt hard-coded credentials | E3 | Not Defined | Not Defined | 0.03 | CVE-2022-31269 |
| 08/26/2022 | 2.6 | 2.5 | Nortek Linear eMerge E3 card_scan.php cross site scripting | Linear eMerge E3 | Not Defined | Not Defined | 0.03 | CVE-2022-31798 |
| 08/23/2022 | 5.8 | 5.7 | Gravitee API Management register path traversal | API Management | Not Defined | Official Fix | 0.04 | CVE-2019-25075 |
| 08/20/2022 | 4.3 | 4.1 | Delta Electronics Delta Robot Automation Studio XML Document xml external entity reference | Delta Robot Automation Studio | Not Defined | Official Fix | 0.06 | CVE-2022-2759 |
| 08/19/2022 | 6.3 | 6.3 | Red Hat Ansible Automation Platform Account Settings access control | Ansible Automation Platform | Not Defined | Not Defined | 0.05 | CVE-2022-2568 |
| 08/17/2022 | 5.5 | 5.5 | automationbroker apb privileges assignment | apb | Not Defined | Not Defined | 0.06 | CVE-2020-10728 |

1020 more entries are not shown
