Type Automation Software

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector »

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, local, or even physical.

Authentication »

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as either offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (358): Adobe Stock API, Allround Automations PL-SQL Developer, Amazon Elastic Load Balancing API Tools, American Auto-Matrix Aspect-Matrix Building Automation Front-End, American Auto-Matrix Aspect-Nexus Building Automation Front-End, Andrew Sterling Hanenkamp Rest API module, Apache Sling API, Apache Sling Servlets Post, Apache Sling XSS Protection API, API Platform, Apple Exposure Notification API, AutomatedShops WebC.cgi, Automatedsolutions Modbus, Automatedsolutions TCP Master OPC Server, Automated Logic WebCTRL, Automated Solutions Modbus Slave ActiveX Control, Automation, AutomationDirect C-More Micro, AutomationDirect C-More Programming Software, AutomationDirect CLICK Programming Software, AutomationDirect GS Drives Configuration Software, AutomationDirect SL-SOFT SOLO, Automation License Manager, Bitpay Insight-api, Blue Prism Robotic Process Automation, BMC BladeLogic Server Automation, BMC Server Automation, B&R Automation Runtime, B&R Automation Studio, B&R Industrial Automation APROL, CA API Developer Portal, CA API Gateway, CA Automic Workload Automation, CA Client Automation, CA Release Automation, CA Workload Automation AE, Cisco Cloud Network Automation Provisioner, Cisco Crosswork Change Automation, Cisco Tidal Enterprise Scheduler, Cisco Umbrella API, Cisco Workload Automation, CloudForms API, Cmsnx Automated Link Exchange Portal, Code Coverage API Plugin, Cortexa Automation 7202 Home Automation Controller, DataFeedFile Dff Framework Api, Delta Electronics Automation TPEditor, Delta Electronics Delta Industrial Automation DOPSoft, Delta Electronics Delta Industrial Automation PMSoft, Delta Electronics Delta Industrial Automation Screen Editor, Delta Electronics Industrial Automation COMMGR, Delta Electronics Industrial Automation Screen Editor, Delta Industrial Automation CNCSoft, Delta Industrial Automation CNCSoft ScreenEditor, Delta Industrial Automation DOPSoft, Delta Industrial Automation TPEditor, Dillon Kane Tidal 
Workload Automation Agent, Divante storefront-api, Divante vue-storefront-api, Dolby DAX2 API, ECharts API Plugin, eGain Web Email API 11+, EMC RSA Authentication Agent API, EMC RSA Authentication Agent SDK, EMC RSA Authentication API, Emerson GE Automation Proficy Machine Edition, Entity Api, Entity API module, Fatek Automation FV Designer, Fatek Automation PLC Ethernet Module, Fatek Automation PM Designer V3, GNU wget, Google API Search, Google Exposure Notification API, Google Sign-In with Google API C++ Client, Harbor API, Hirschmann Automation Control HiOS, Hirschmann Automation HiSecOS, Hitachi Automation Director, Hitachi Command Suite, HM Courts & Tribunals ccd-data-store-api, Horner Automation Cscape, HP Business Service Automation Essentials, HP Client Automation Enterprise, HP Client Automation Enterprise Infrastructure, HP Continuous Delivery Automation, HP Database, HP Middleware Automation, HP Network Automation, HP Persistent Accelerite Radia Client Automation, HP Radia Client Automation, HPE StorageWorks XP7 Automation Director, HPE Universal API Framework, IBM API Connect, IBM API Connect Developer Portal, IBM API Management, IBM Business Automation Content Analyzer on Cloud, IBM Business Automation Workflow, IBM Cloud Automation Manager, IBM Rational Automation Framework, IBM Robotic Process Automation with Automation Anywhere, IBM Runbook Automation, IBM Tivoli Service Automation Manager, IBM Tivoli Workload Automation for AIX, IDAutomation PDF417 Barcode, ID Automation Linear Barcode, Igniterealtime Smack Api, Inductive Automation Ignition, Inductive Automation Ignition, Infinite Automation Mango Automation, Infinite Automation Systems Mango Automation, JavaScript WebGL API, Karotz API, larvitbase-api, Liebert MultiLink Automated Shutdown, Mathijs Koenraadt Search API Sorts, Micro Focus Data Center Automation Containerized Suite, Micro Focus Hybrid Cloud Management Containerized Suite, Micro Focus Network Automation, Micro Focus Network 
Operations Management Suite, Micro Focus Operations Bridge Containerized Suite, Micro Focus Service Management Automation, Micro Focus Service Management Automation Suite, Micro Focus Service Manager Automation, Mitsubishi-automation Mitsubishi MX Component, Moxa, Moxa 5232-N, Moxa ActiveX SDK, Moxa Active OPC Server, Moxa DACenter, Moxa Device Management, Moxa EDR-810, Moxa EDR-G902, Moxa EDR-G903, Moxa EDR 810, Moxa EDS, Moxa EDS-405A, Moxa EDS-408A, Moxa EDS-510A, Moxa EDS-G508E, Moxa EDS-G512E, Moxa EDS-G516E, Moxa G3100V2, Moxa IKS, Moxa IKS-G6824A, Moxa ioAdmin Configuration Utility, Moxa ioLogik, Moxa ioLogik 2500, Moxa ioLogik 2542-HSPA, Moxa ioLogik E2200, Moxa IOxpress Configuration Utility, Moxa Ioxpress Configuration Utility, Moxa MDM Tool, Moxa MGate 5105-MB-EIP, Moxa MGate MB3170, Moxa MGate MB3180, Moxa MGate MB3270, Moxa MGate MB3280, Moxa MGate MB3480, Moxa MGate MB3660, Moxa MiiNePort, Moxa MX-AOPC Server, Moxa MXView, Moxa NPort, Moxa NPort 5110, Moxa NPort 5130, Moxa NPort 5150, Moxa NPort 5150A, Moxa NPort 5210, Moxa NPort 5230, Moxa NPort 5232, Moxa NPort W2x50A, Moxa NPort W2150A, Moxa NPort W2250A, Moxa OnCell, Moxa OnCell 5004, Moxa OnCell 5104, Moxa OnCell Central Manager, Moxa OnCell G3100-HSPA, Moxa OnCell G3110, Moxa OnCell G3111, Moxa OnCell G3150, Moxa OnCell G3151, Moxa OnCell G3211, Moxa OnCell G3251, Moxa OnCell G3470A-LTE, Moxa Oncell Gateway G3211, Moxa PT-7528, Moxa PT-7728, Moxa PT-7828, Moxa SoftCMS, Moxa SoftCMS Live Viewer, Moxa SoftNVR-IA Live Viewer, Moxa ThingsPro, Moxa ThingsPro IIoT Gateway, Moxa UC-7408 LX-Plus, Moxa VPort 461, Moxa VPort ActiveX SDK, Mulesoft, MuleSoft API Gateay, MuleSoft Mule Community Edition, MuleSoft Mule Enterprise Edition, Mulesoft API Gateway, mz-automation libIEC61850, NetApp OnCommand API Services, NetApp OnCommand Workflow Automation, NetApp Service Level Manager, NETxAutomation NETxEIB, Nortek Linear eMerge 50P, Nortek Linear eMerge 5000P, Nortek Linear eMerge E3, OnCommand Workflow 
Automation, Open Automation OPC Systems.NET, Open Build Service API, Opsware Network Automation System, Optimalpayments Neteller Direct Payment Api, Oracle API Gateway, Oracle Policy Automation, Oracle Policy Automation Connector for Siebel, OSIsoft PI API, OSIsoft PI Asset Framework Client, OSIsoft PI Buffer Subsystem, OSIsoft PI Connector, OSIsoft PI Coresight, OSIsoft PI Data Archive, OSIsoft PI Data Collection Manager, OSIsoft PI Integrator for Business Analytics, OSIsoft PI Interface Configuration Utility, OSIsoft PI Software Development Kit, OSIsoft PI to OCS, OSIsoft PI Web API, OSIsoft PI Web API 2015 R2, OWASP Enterprise Security API, Panasonic Security API ActiveX SDK, Passbolt API, Persistent Systems Radia Client Automation, PHP Scripts Mall API Based Travel Booking, Progress MOVEit Automation, Redgate SQL Change Automation Plugin, Redwood SAP Business Process Automation, Red Hat 3scale API Management Platform, Rockwell Automation Arena, Rockwell Automation Connected Components Workbench, Rockwell Automation FactoryTalk Activation, Rockwell Automation FactoryTalk Alarms, Rockwell Automation Integrated Architecture Builder, Rockwell Automation PanelView Plus, Rockwell Automation RSLogix Micro Starter Lite, Rockwell Events, Rockwell RSLogix 500 Professional Edition, Rockwell RSLogix 500 Standard Edition, Rockwell RSLogix 500 Starter Edition, Rockwell RSLogix Micro Developer, Rockwellautomation 1756-ENBT series A, Rockwellautomation Ab Micrologix Controller, Rockwellautomation Ab Micrologix Controller 1100, Rockwellautomation Armor Compact GuardLogix 5370, Rockwellautomation CompactLogix 5370 L1, Rockwellautomation CompactLogix 5370 L2, Rockwellautomation CompactLogix 5370 L3, Rockwellautomation Compact GuardLogix 5370, Rockwellautomation FactoryTalk, Rockwellautomation FactoryTalk Diagnostics Viewer, Rockwellautomation RSLinx Classic, Rockwellautomation RSLogix, Rockwell Automation 0x, Rockwell Automation 1747-L5x, Rockwell Automation 5000 Logix Designer, 
Rockwell Automation Arena Simulation Software, Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Rockwell Automation A Ethernet, Rockwell Automation CompactLogix 1768-EWEB, Rockwell Automation CompactLogix 5370 L1, Rockwell Automation CompactLogix 5370 L2, Rockwell Automation CompactLogix 5370 L3, Rockwell Automation CompactLogix GuardLogix, Rockwell Automation Connected Components Workbench, Rockwell Automation ControlFLASH, Rockwell Automation ControlFLASH Plus, Rockwell Automation Controllogix 1756-ENBT, Rockwell Automation EtherNet-IP Web Server Module 1756-EWEB, Rockwell Automation FactoryTalk Asset Centre, Rockwell Automation FactoryTalk Linx, Rockwell Automation FactoryTalk Linx CommDTM, Rockwell Automation FactoryTalk Services Platform, Rockwell Automation FactoryTalk View SE, Rockwell Automation FactoryTalk View SEA, Rockwell Automation IP Bridge, Rockwell Automation Logix Designer Studio 5000, Rockwell Automation MicroLogix 1100, Rockwell Automation MicroLogix 1400, Rockwell Automation PanelView 5510, Rockwell Automation PLC5, Rockwell Automation PowerFlex 525 AC Drives, Rockwell Automation RSLinx Classic, Rockwell Automation RSLinx Enterprise, Rockwell Automation RSLinx Enterprise Software, Rockwell Automation RSLogix 500, Rockwell Automation RSLogix 1785-Lx, Rockwell Automation SLC5, Rockwell Automation Studio 5000 Launcher, Rockwell Automation Allen-Bradley Allen-Bradley CompactLogix 1769-L, Rockwell Automation Allen-Bradley Logix5000, Rockwell Automation Allen-Bradley MicroLogix, Rockwell Automation Allen-Bradley MicroLogix 1100, Rockwell Automation Allen-Bradley MicroLogix 1400, Rockwell Automation Allen-Bradley PowerMonitor 1000, Schneider Electric Struxureware Building Operations Automation Server, Schneider Electric Touch Panel, Schneider Electric U.motion Builder, Schneider Electric U.motion Server, Search API Autocomplete Module, Secure Data Space SDS-API, service-api, Shipwire API Module, Siemens Automation License Manager, Siemens 
HomeControl for Room Automation, signotec signoPAD-API-Web, Softing Industrial Automation, SPBAS Business Automation Software, Sprecher Automation SPRECON-E Service Program, SQLi API, Storage API Module, Stripe API v1, Symantec Automated Support Assistant, Telos Automated Message Handling System, thinx-device-api IoT Device Management Server, Thomas Seidl Search API, TIBCO API Exchange Gateway, TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Automation Services, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop Language Pack, TIBCO Spotfire Web Player Client, uControl Smart Home Automation, VMware Identity Manager, VMware vCloud Automation Center, VMware VIX API, VMware vRealize Automation, VMware vRealize Automation Plugin, W3C High Resolution Time API, Webhost Automation Helm Control Panel, Webhost Automation Helm Web Hosting Control Panel, WebHost Automation Host, WSO2 API Manager, WSO2 API manager, WSO2 API Manager Analytics, WSO2 API Microgateway, WSO2 Data Analytics Server, WSO2 Enterprise Integrator, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 IoT Server, WSO2 IS as Key Manager, Xstream API

| Published | Base | Temp | Vulnerability | Product | Exploit | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 12/01/2020 | 6.3 | 6.3 | Automation Template classes injection | Automation | Not Defined | Official Fix | 0.75 | CVE-2020-14193 |
| 11/30/2020 | 3.1 | 3.1 | IBM Business Automation Workflow log file | Business Automation Workflow | Not Defined | Not Defined | 0.53 | CVE-2020-4900 |
| 11/27/2020 | 6.3 | 6.3 | B&R Industrial Automation APROL AprolSqlServer improper authentication | APROL | Not Defined | Official Fix | 0.31 | CVE-2019-19878 |
| 11/27/2020 | 5.5 | 5.5 | B&R Industrial Automation APROL AprolSqlServer pathname traversal | APROL | Not Defined | Official Fix | 0.05 | CVE-2019-19877 |
| 11/27/2020 | 6.3 | 6.3 | B&R Industrial Automation APROL EnMon sql injection | APROL | Not Defined | Official Fix | 0.09 | CVE-2019-19876 |
| 11/27/2020 | 5.5 | 5.5 | B&R Industrial Automation APROL AprolCluster Script injection | APROL | Not Defined | Official Fix | 0.05 | CVE-2019-19875 |
| 11/27/2020 | 5.5 | 5.5 | B&R Industrial Automation APROL Web Interface injection | APROL | Not Defined | Official Fix | 0.05 | CVE-2019-19874 |
| 11/27/2020 | 4.3 | 4.3 | B&R Industrial Automation APROL AprolSqlServer DBMS improper authentication | APROL | Not Defined | Official Fix | 0.13 | CVE-2019-19873 |
| 11/27/2020 | 5.5 | 5.5 | B&R Industrial Automation APROL AprolLoader injection | APROL | Not Defined | Official Fix | 0.09 | CVE-2019-19872 |
| 11/27/2020 | 5.5 | 5.5 | B&R Industrial Automation APROL IosHttp Service/JSON interface unknown vulnerability | APROL | Not Defined | Official Fix | 0.05 | CVE-2019-19869 |
| 11/26/2020 | 7.3 | 7.3 | Rockwell Automation FactoryTalk Linx Port Range heap-based buffer overflow | FactoryTalk Linx | Not Defined | Not Defined | 0.00 | CVE-2020-27251 |
| 11/16/2020 | 3.5 | 3.5 | IBM Business Automation Workflow Web UI cross site scripting | Business Automation Workflow | Not Defined | Official Fix | 0.05 | CVE-2020-4672 |
| 11/06/2020 | 6.5 | 6.5 | Moxa MXView permission | MXView | Not Defined | Not Defined | 0.35 | CVE-2020-13537 |
| 11/06/2020 | 6.6 | 6.6 | Moxa MXView permission | MXView | Not Defined | Not Defined | 0.53 | CVE-2020-13536 |
| 11/03/2020 | 8.0 | 8.0 | Moxa VPort 461 command injection | VPort 461 | Not Defined | Not Defined | 0.00 | CVE-2020-23639 |
| 10/30/2020 | 4.8 | 4.8 | WSO2 API Manager cross site scripting | API Manager | Not Defined | Not Defined | 0.00 | CVE-2020-27885 |
| 10/23/2020 | 4.8 | 4.6 | WSO2 API Manager publisher cross site scripting | API Manager | Not Defined | Not Defined | 0.00 | CVE-2020-17454 |
| 10/20/2020 | 3.7 | 3.6 | Oracle Policy Automation Connector for Siebel information disclosure | Policy Automation Connector for Siebel | Not Defined | Official Fix | 0.00 | CVE-2020-9488 |
| 10/20/2020 | 3.7 | 3.6 | Oracle Policy Automation information disclosure | Policy Automation | Not Defined | Official Fix | 0.11 | CVE-2020-9488 |
| 10/20/2020 | 6.1 | 5.8 | Oracle Policy Automation Connector for Siebel cross site scripting | Policy Automation Connector for Siebel | Not Defined | Official Fix | 0.11 | CVE-2020-11022 |
| 10/20/2020 | 6.1 | 5.8 | Oracle Policy Automation cross site scripting | Policy Automation | Not Defined | Official Fix | 0.11 | CVE-2020-11022 |
| 10/15/2020 | 6.4 | 6.1 | B&R Automation Runtime TFTP Service memory leak | Automation Runtime | Not Defined | Official Fix | 0.00 | CVE-2020-11637 |
| 09/21/2020 | 3.7 | 3.7 | IBM Business Automation Content Analyzer on Cloud Authorization Token missing encryption | Business Automation Content Analyzer on Cloud | Not Defined | Not Defined | 0.06 | CVE-2020-4315 |
| 09/18/2020 | 6.9 | 6.9 | HPE Universal API Framework sql injection | Universal API Framework | Not Defined | Not Defined | 0.09 | CVE-2020-24623 |
| 09/03/2020 | 5.9 | 5.9 | IBM API Connect API Manager privileges management | API Connect | Not Defined | Not Defined | 0.07 | CVE-2020-4638 |
