List of discovered vulnerabilities:

CVE | Product | CWE (vulnerability type) | CVSSv3 Score |
---|---|---|---|
CVE-2024-32755 | Johnson Controls/Tyco’s Illustra Essentials Gen 4 IP Camera | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 9.1 |
CVE-2024-32932 | Johnson Controls/Tyco’s Illustra Essentials Gen 4 IP Camera | Storing Passwords in a Recoverable Format (web interface) | 6.8 |
CVE-2024-32756 | Johnson Controls/Tyco’s Illustra Essentials Gen 4 IP Camera | Storing Passwords in a Recoverable Format (Linux users) | 6.8 |
CVE-2024-32757 | Johnson Controls/Tyco’s Illustra Essentials Gen 4 IP Camera | Insertion of Sensitive Information in Log Files | 6.8 |
CVE-2023-7234 | Integration Object’s OPC UA Server Toolkit | Improper Output Neutralization for Logs | 5.3 |
CVE-2023-29444 | PTC’s Kepware KEPServerEX | Uncontrolled Search Path Element | 6.3 |
CVE-2023-29445 | PTC’s Kepware KEPServerEX | Uncontrolled Search Path Element | 6.3 |
CVE-2023-29446 | PTC’s Kepware KEPServerEX | Improper Input Validation | 4.7 |
CVE-2023-29447 | PTC’s Kepware KEPServerEX | Insufficiently Protected Credentials | 5.7 |
CVE-2023-0811 | Omron’s CJ1M PLC | Insufficiently Protected Credentials | 9.1 |
CVE-2021-41544 | Siemens Software Center | Uncontrolled Search Path Element | 7.5 |
CVE-2022-25634 | Siemens Software Center | Uncontrolled Search Path Element | 7.5 |
CVE-2022-2003 | Automation Direct DL 06 PLCs | Exposure of Sensitive Information to an Unauthorized Actor | 7.5 |
CVE-2022-2004 | Automation Direct DL 06 PLCs | Uncontrolled Resource Consumption | 7.5 |
CVE-2022-2005 | Automation Direct C-More EA9 HMI | Cleartext Transmission of Sensitive Information | 7.8 |
CVE-2022-2006 | Automation Direct C-More EA9 HMI | Uncontrolled Search Path Element | 7.8 |
CVE-2016-2542 | AVEVA Edge HMI/SCADA Software | Uncontrolled Search Path Element | 7.5 |
CVE-2021-42794 | AVEVA Edge HMI/SCADA Software | Exposure of Sensitive Information to an Unauthorized Actor | 5.3 |
CVE-2021-42796 | AVEVA Edge HMI/SCADA Software | Improper Access Controls | 9.8 |
CVE-2021-42797 | AVEVA Edge HMI/SCADA Software | Path Traversal (Windows UNC injection) | 8.6 |
CVE-2022-34755 | Schneider Electric’s Easergy Builder | Uncontrolled Search Path Element | 6.3 |
CVE-2021-22775 | Schneider Electric’s GP-Pro Ex | Uncontrolled Search Path Element | 7.8 |
CVE-2021-31218 | VIPA’s WinPLC7 PLC Programming Software | Stack-based Buffer Overflow | 7.8 |
CVE-2021-31219 | VIPA’s WinPLC7 PLC Programming Software | Uncontrolled Search Path Element | 7.8 |