Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-23796

Publication date:
13/02/2024
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2024

CVE-2024-23797

Publication date:
13/02/2024
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2024

CVE-2024-22042

Publication date:
13/02/2024
A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2023-50236

Publication date:
13/02/2024
A vulnerability has been identified in Polarion ALM (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2024

CVE-2023-49125

Publication date:
13/02/2024
A vulnerability has been identified in Parasolid V35.0 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2024

CVE-2023-51440

Publication date:
13/02/2024
A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2023-48364

Publication date:
13/02/2024
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions
Severity CVSS v4.0: HIGH
Last modification:
18/10/2024

CVE-2023-48363

Publication date:
13/02/2024
A vulnerability has been identified in OpenPCS 7 V9.1 (All versions
Severity CVSS v4.0: HIGH
Last modification:
18/10/2024

CVE-2024-22445

Publication date:
13/02/2024
<br /> Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application&amp;#39;s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2024

CVE-2024-22454

Publication date:
13/02/2024
<br /> Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2024

CVE-2023-6815

Publication date:
13/02/2024
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2024

CVE-2024-25914

Publication date:
13/02/2024
Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2024