Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525PUBLISHED: 2021-01-22M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511PUBLISHED: 2021-01-22Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
User Rank: Apprentice
7/14/2019 | 6:27:23 AM
1. Database
2. Application server (website)
3. User device
Today, most software today a password to reach the Application server, and the Application server has full access to the Database.
That means anyone who has access to the Application server, including a user on a poorly written software system, has full access to the Database.
I have written software (off and on) for 36 years. Please write software with this:
https://dls.97.double.in.th
(The site is under construction, but the Demo is complete.)