Threatscape
All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
Medium
(5,0) CVSS: 3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:L
PT-2022-05: Stored Cross-Site Scripting (XSS)
Fix date:
December 3, 2022
Vector:
Remote
Systems affected:
NetAct v 20.1
Vendor:
Nokia
Medium
(5,0) CVSS: 3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:L
PT-2022-04: Cross Site Template Injection (CSTI)
Fix date:
December 3, 2022
Vector:
Remote
Systems affected:
NetAct v 20.1
Vendor:
Nokia
Medium
(5,0) CVSS: 3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:L
PT-2022-03: Stored Cross-Site Scripting (XSS)
Fix date:
December 3, 2022
Vector:
Remote
Systems affected:
NetAct v 20.1
Vendor:
Nokia
Medium
(5,8) CVSS: 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:N/MS:U/MC:H/MI:L/MA:L
PT-2022-02: XML External Entity (XXE)
Fix date:
December 3, 2022
Vector:
Remote
Systems affected:
NetAct v 20.1
Vendor:
Nokia
Medium
(5,8) CVSS: 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:N/MS:U/MC:H/MI:L/MA:L
PT-2022-01: XML External Entity (XXE)
Fix date:
December 3, 2022
Vector:
Remote
Systems affected:
NetAct v 20.1
Vendor:
Nokia
Medium
(5,3) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
PT-2021-15: Denial of Service when Processing File with Incorrect Header Content in FX5U(C) CPU and FX5UJ CPU modules
Fix date:
May 17, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
High
(8,6) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
PT-2021-14: Integer Overflow Resulting in Reading and Writing Outside Memory Range Allocated to Device
Fix date:
May 17, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
Medium
(6,8) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-13: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules
Fix date:
March 31, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
Medium
(5,9) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2021-12: Authentication bypass by capture-replay in FX5U(C) CPU and FX5UJ CPU modules
Fix date:
March 31, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
High
(7,4) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
PT-2021-11: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules
Fix date:
March 31, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
High
(7,4) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules
Fix date:
March 31, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
Medium
(5,9) CVSS: 3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
PT-2021-09: Possibility of authorization in Remote Password mechanism using password hash
Fix date:
March 31, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
Medium
(5,9) CVSS: 3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2021-08: Possibility of authorization in Remote Password mechanism using password hash in FX5U(C) CPU and FX5UJ CPU modules
Fix date:
March 31, 2022
Vector:
Remote
Systems affected:
FX5U(C) CPU and FX5UJ CPU modules
Vendor:
Mitsubishi Electric
Medium
(5.3) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-07: GPay payments above NoCVM limits, CryptoATC out of order
Fix date:
no patches available
Vector:
Local
Systems affected:
MasterCard Tokenisation Service (MDES)
Vendor:
MasterCard
Notification status:
October, 2021 - Vendor notification date
Medium
(4.9) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2021-06: Lack of integrity checks of the MCC field
Fix date:
no patches available
Vector:
Remote
Systems affected:
Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor:
EMVCo, Visa, MasterCard
Notification status:
October, 2021 - Vendor notification date
Medium
(4.1) CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
PT-2021-05: Lack of Amount/CVMResults fields checking for Public Transport Schemes
Fix date:
no patches available
Vector:
Local
Systems affected:
Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor:
EMVCo
Notification status:
October, 2021 - Vendor notification date
Medium
(4.9) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2021-04: AAC/ARQC cryptogram confusion
Fix date:
no patches available
Vector:
Remote
Systems affected:
Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor:
Visa Inc, MasterCard Inc.
Notification status:
October, 2021 - Vendor notification date
Medium
(5.3) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-03: Apple Pay authentication and fields validation issues
Fix date:
no patches available
Vector:
Local
Systems affected:
iOS/iPhone
Vendor:
Apple Inc
Notification status:
October, 2021 - Vendor notification date
High
(6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
Fix date:
no patches available
Vector:
Local
Systems affected:
RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM)
Vendor:
Diebold-Nixdorf
Notification status:
July, 2018 - Vendor notification date
High
(6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
Fix date:
no patches available
Vector:
Local
Systems affected:
CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM)
Vendor:
Diebold-Nixdorf
Notification status:
July, 2018 - Vendor notification date