Artyom Kurbatov

#18148of 53,633
15Total CVSS
Vulnerabilities · 2
Medium
1
High
1
PT-2015-2901
10
2015-12-23
Saia Burgess · Pcd7.D4Xxd · CVE-2015-7911
**Name of the Vulnerable Software and Affected Versions** Saia Burgess PCD1.M0xx0 versions prior to 1.24.50 Saia Burgess PCD1.M2xx0 versions prior to 1.24.50 Saia Burgess PCD2.M5xx0 versions prior to 1.24.50 Saia Burgess PCD3.Mxx60 versions prior to 1.24.50 Saia Burgess PCD3.Mxxx0 versions prior to 1.24.50 Saia Burgess PCD7.D4xxD versions prior to 1.24.50 Saia Burgess PCD7.D4xxV versions prior to 1.24.50 Saia Burgess PCD7.D4xxWTPF versions prior to 1.24.50 Saia Burgess PCD7.D4xxxT5F versions prior to 1.24.50 Saia Burgess PCD3.T665 versions prior to 1.24.41 Saia Burgess PCD3.T666 versions prior to 1.24.41 **Description** The issue is caused by hardcoded credentials in the software, allowing remote attackers to obtain administrative access via an FTP session. This can be exploited by attackers to gain unauthorized access to the system. **Recommendations** For Saia Burgess PCD1.M0xx0 versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD1.M2xx0 versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD2.M5xx0 versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD3.Mxx60 versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD3.Mxxx0 versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD7.D4xxD versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD7.D4xxV versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD7.D4xxWTPF versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD7.D4xxxT5F versions prior to 1.24.50, update to version 1.24.50 or later. For Saia Burgess PCD3.T665 versions prior to 1.24.41, update to version 1.24.41 or later. For Saia Burgess PCD3.T666 versions prior to 1.24.41, update to version 1.24.41 or later.
PT-2015-6361
5.0
2015-09-18
Schneider Electric · Struxureware Building Expert Mpm · CVE-2015-3962
**Name of the Vulnerable Software and Affected Versions** Schneider Electric StruxureWare Building Expert MPM versions prior to 2.15 **Description** The issue concerns the lack of encryption for the client-server data stream, allowing remote attackers to discover credentials by sniffing the network. **Recommendations** For versions prior to 2.15, update to version 2.15 or later to enable encryption for the client-server data stream.