{"vulnerability": "CVE-2021-3459", "sightings": [{"uuid": "e5edf572-42d9-4a68-8639-7adef8fde42b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34591", "type": "seen", "source": "https://t.me/cibsecurity/41515", "content": "\u203c CVE-2021-34591 \u203c\n\nIn Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T20:13:23.000000Z"}, {"uuid": "46bd54eb-4754-460a-8d9a-c8661c1d388d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34590", "type": "seen", "source": "https://t.me/cibsecurity/41511", "content": "\u203c CVE-2021-34590 \u203c\n\nIn Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T20:13:18.000000Z"}, {"uuid": "0b91c852-af29-4300-85c6-6ed60bfb81d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34598", "type": "seen", "source": "https://t.me/cibsecurity/32144", "content": "\u203c CVE-2021-34598 \u203c\n\nIn Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-10T14:36:17.000000Z"}, {"uuid": "3c65ffe4-5c55-4740-87ac-6947ba7b66f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34593", "type": "seen", "source": "https://t.me/cibsecurity/31203", "content": "\u203c CVE-2021-34593 \u203c\n\nIn CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T14:14:57.000000Z"}, {"uuid": "65cc29dd-0049-4099-aca9-247a171cc5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34595", "type": "seen", "source": "https://t.me/cibsecurity/31197", "content": "\u203c CVE-2021-34595 \u203c\n\nA crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T14:14:51.000000Z"}, {"uuid": "65445580-2658-4863-8ebc-e0d65819bdbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34597", "type": "seen", "source": "https://t.me/cibsecurity/31803", "content": "\u203c CVE-2021-34597 \u203c\n\nImproper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-04T13:24:41.000000Z"}, {"uuid": "3219d0e9-4fa2-4acc-b15a-16795340b2cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34594", "type": "seen", "source": "https://t.me/cibsecurity/31802", "content": "\u203c CVE-2021-34594 \u203c\n\nTwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-04T13:24:40.000000Z"}, {"uuid": "fb4492dd-d25e-46dd-b135-e4a994ae2fb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-34593", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "64d5cfee-f882-457a-88a8-7695a1653ac7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-34595", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "d3df1286-6cbe-4593-8422-7c0754c701cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2021-34596", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01", "content": "", "creation_timestamp": "2026-03-17T12:00:00.000000Z"}, {"uuid": "fa7cdbbf-9b9d-4619-8ba4-0b7a1118e5f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34592", "type": "seen", "source": "https://t.me/cibsecurity/41516", "content": "\u203c CVE-2021-34592 \u203c\n\nIn Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-27T20:13:24.000000Z"}, {"uuid": "09c36780-ace6-4c79-adce-3bb35cb816b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34599", "type": "seen", "source": "https://t.me/cibsecurity/33176", "content": "\u203c CVE-2021-34599 \u203c\n\nAffected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T12:35:12.000000Z"}, {"uuid": "791e0253-8ed5-438f-8690-928682d77375", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-34596", "type": "seen", "source": "https://t.me/cibsecurity/31200", "content": "\u203c CVE-2021-34596 \u203c\n\nA crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-26T14:14:54.000000Z"}, {"uuid": "c5be775f-2e97-45ea-9ac5-9b4f26344ea8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-3459", "type": "seen", "source": "https://t.me/cibsecurity/27434", "content": "\u203c CVE-2021-3459 \u203c\n\nA privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-17T20:15:53.000000Z"}]}