DIVD CSIRT

2025

• CVE-2025-22366 - Mennekes smart/premium charges systems, Command injection in firmware upgrade
• CVE-2025-22367 - Mennekes smart/premium charges systems, Command injection in time setting
• CVE-2025-22368 - Mennekes smart/premium charges systems, Command injection in sCU firmware update
• CVE-2025-22369 - Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint
• CVE-2025-22370 - Mennekes smart/premium charges systems, SQL Injection in web configuration interface
• CVE-2025-22371 - SQL-injection in admin_login_handler allows unauthenticated user to log in as an administrator in SicommNet BASEC
• CVE-2025-22372 - Insecure password storage in SicommNet BASEC
• CVE-2025-22373 - XSS, HTML and Style injection on login page
• CVE-2025-22374 - SSRF in CyberAudit-Web videx-legacy-ssl
• CVE-2025-22375 - Authentication Bypass in CyberAudit-Web
• CVE-2025-29756 - MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters

2024

• CVE-2024-21875 - DoS attack when broadcasting billboard messages
• CVE-2024-21876 - Unauthenticated Path Traversal via URL Parameter in Enphase IQ Gateway version < 8.2.4225
• CVE-2024-21877 - Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225
• CVE-2024-21878 - Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x
• CVE-2024-21879 - URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225
• CVE-2024-21880 - URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x
• CVE-2024-21881 - Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x
• CVE-2024-27112 - SQL Injection in SOPlanning before 1.52.02
• CVE-2024-27113 - Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02
• CVE-2024-27114 - Remote Code Execution through File Upload in SOPlanning before 1.52.02
• CVE-2024-27115 - Remote Code Execution through File Upload in SOPlanning before 1.52.02
• CVE-2024-27120 - Local File Inclusion in ComfortKey before version 24.1.2
• CVE-2024-43648 - Authenticated command injection via <redacted>.exe <redacted> parameter
• CVE-2024-43649 - Authenticated command injection via <redacted>.exe <redacted> parameter
• CVE-2024-43650 - Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
• CVE-2024-43651 - Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
• CVE-2024-43652 - Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
• CVE-2024-43653 - Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
• CVE-2024-43654 - Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station
• CVE-2024-43655 - Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script.
• CVE-2024-43656 - A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution.
• CVE-2024-43657 - When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station.
• CVE-2024-43658 - Using the <redacted> action or <redacted>.sh script, arbitrary files and directories can be deleted using directory traversal.
• CVE-2024-43659 - Plaintext default credentials in firmware
• CVE-2024-43660 - Arbitrary file download using <redacted>.sh
• CVE-2024-43661 - Buffer overflow in <redacted>.so leads to DoS of OCPP service
• CVE-2024-43662 - Authenticated arbitrary file upload to /tmp/ and /tmp/upload/
• CVE-2024-43663 - Buffer overflow vulnerabilities in CGI scripts lead to segfault

2023

• CVE-2023-22577 - White Rabbit Switch - Password Disclosure Vulnerability
• CVE-2023-22578 - Sequalize - Default support for “raw attributes” when using parentheses
• CVE-2023-22579 - Sequalize - Unsafe fall-through in getWhereConditions
• CVE-2023-22580 - Sequalize - Bad query filtering leading to SQL errors
• CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution
• CVE-2023-22582 - Reflected Cross-Site Scripting in Danfoss AK-EM100
• CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100
• CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100
• CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100
• CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100
• CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100
• CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM 100
• CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A
• CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A
• CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A

2022

• CVE-2022-0564 - Qlik Sense Enterprise Domain User enumeration
• CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
• CVE-2022-2422 - Feathers - SQL injection via attribute aliases
• CVE-2022-24384 - Reflective XSS on SmarterTrack v100.0.8019.14010
• CVE-2022-24385 - Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
• CVE-2022-24386 - Stored XSS in SmarterTrack v100.0.8019.14010
• CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
• CVE-2022-25151 - ITarian - Session cookie not protected by HttpOnly flag
• CVE-2022-25152 - ITarian - Any user with a valid session token can create and execute agent procedures and bypass mandatory approvals
• CVE-2022-25153 - ITarian - Local privilege escalation in Endpoint Manager agent on Windows
• CVE-2022-29822 - Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection
• CVE-2022-29823 - Feathers - Query “__proto__” is converted to real prototype
• CVE-2022-3901 - Visioweb.js - Prototype Pollution can results in XSS
• CVE-2022-41216 - Cloudflow - Local File Inclusion Vulnerability
• CVE-2022-41217 - Cloudflow - Unauthenticated file upload vulnerability
• CVE-2022-45049 - Reflected XSS in Axiell Iguana CMS
• CVE-2022-45050 - Reflected XSS in Axiell Iguana CMS
• CVE-2022-45051 - Reflected POST XSS in Axiell Iguana CMS
• CVE-2022-45052 - Local File Inclusion in Axiell Iguana CMS

2021

• CVE-2021-26471 - Unauthenticated remote command execution in Vembu products
• CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
• CVE-2021-26473 - Unauthenticated arbitrary file upload and command execution in Vembu products
• CVE-2021-26474 - UNAUTHENTICATED SERVER SIDE REQUEST FORGERY IN VEMBU PRODUCTS
• CVE-2021-30116 - Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
• CVE-2021-30117 - Authenticated SQL injection in Kaseya VSA < v9.5.6
• CVE-2021-30118 - Unauthenticated Remote Code Execution in Kaseya VSA < v9.5.5
• CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
• CVE-2021-30120 - 2FA bypass in Kaseya VSA <= v9.5.6
• CVE-2021-30121 - (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
• CVE-2021-30201 - Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
• CVE-2021-32233 - SmarterTools SmarterMail before Build 7776 allows XSS.
• CVE-2021-32234 - SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
• CVE-2021-40385 - Privilege escalation in Kaseya Unitrends Backup Software before 10.5.5-2
• CVE-2021-40386 - Kaseya Unitrends Client/Agent through 10.5.5 allows remote attackers to execute arbitrary code
• CVE-2021-40387 - Kaseya Unitrends Backup Software before 10.5.5-2 authenticated RCE
• CVE-2021-42079 - SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42080 - Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42081 - Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42082 - Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355
• CVE-2021-42083 - Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335
• CVE-2021-43977 - SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
• CVE-2021-4406 - Authenticated Remote COmmand Execution as root in OSNEXUS QuantaStor version 6.0.0.355 and others
• CVE-2022-0564 - Qlik Sense Enterprise Domain User enumeration