Filtered by vendor Danfoss
Subscriptions
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41452 | 1 Danfoss | 1 Ak-sm8xxa Series | 2025-08-23 | N/A |
| Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions | ||||
| CVE-2025-41451 | 1 Danfoss | 1 Ak-sm8xxa Series | 2025-08-23 | N/A |
| Improper neutralization of alarm-to-mail configuration fields used in an OS shell Command ('Command Injection') in Danfoss AK-SM8xxA Series prior to version 4.3.1, leading to a potential post-authenticated remote code execution on an attacked system. | ||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-07-19 | 8.8 High |
| Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise. | ||||
| CVE-2023-25911 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-17 | 9.9 Critical |
| The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. | ||||
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | 9.9 Critical |
| Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. | ||||
| CVE-2023-25912 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 5.3 Medium |
| The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. | ||||
| CVE-2023-22584 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 7.5 High |
| The Danfoss AK-EM100 stores login credentials in cleartext. | ||||
| CVE-2023-22585 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 9 Critical |
| The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. | ||||
| CVE-2023-22583 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 10 Critical |
| The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. | ||||
| CVE-2023-22586 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 7.7 High |
| The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. | ||||
| CVE-2023-22582 | 1 Danfoss | 2 Ak-em100, Ak-em100 Firmware | 2025-01-09 | 9 Critical |
| The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. | ||||
| CVE-2023-25913 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-09 | 7.5 High |
| Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. | ||||
Page 1 of 1.