Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-27472
Publication date:
23/03/2022
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-27471
Publication date:
23/03/2022
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-4148
Publication date:
23/03/2022
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.
Severity CVSS v4.0: Pending analysis
Last modification:
30/03/2022

CVE-2021-27476
Publication date:
23/03/2022
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier.
Severity CVSS v4.0: Pending analysis
Last modification:
30/03/2022

CVE-2021-27422
Publication date:
23/03/2022
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2022

CVE-2021-27456
Publication date:
23/03/2022
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2022

CVE-2021-27460
Publication date:
23/03/2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-27462
Publication date:
23/03/2022
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-27464
Publication date:
23/03/2022
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-27466
Publication date:
23/03/2022
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-27468
Publication date:
23/03/2022
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-27470
Publication date:
23/03/2022
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022
Subscribe to Vulnerabilities