RSS   Vulnerabilities for 'Opc toolbox'   RSS

2021-04-02
 
CVE-2021-29661

CWE-79
 

 
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.

 
 
CVE-2021-29660

CWE-352
 

 
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.

 

 >>> Vendor: Softing 14 Products
Fg-x00 profibus firmware
Uagate si firmware
Uagate 840d firmware
Uagate mb firmware
OPC
Opc toolbox
Datafeed opc suite
Edgeconnector
Secure integration server
Th scope
Uagates
Uatoolkit embedded
Smartlink hw-dp
Opc ua c\+\+ software development kit


Copyright 2024, cxsecurity.com

 

Back to Top