Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
Medium (6,8) CVSS: 3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
PT-2022-05: Stored Cross-Site Scripting (XSS)
Fix date: December 3, 2022
Vector: Remote
Systems affected: NetAct v 20.1
Vendor: Nokia
Medium (6,8) CVSS: 3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
PT-2022-04: Cross Site Template Injection (CSTI)
Fix date: December 3, 2022
Vector: Remote
Systems affected: NetAct v 20.1
Vendor: Nokia
Medium (6,8) CVSS: 3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
PT-2022-03: Stored Cross-Site Scripting (XSS)
Fix date: December 3, 2022
Vector: Remote
Systems affected: NetAct v 20.1
Vendor: Nokia
Medium (6,5) CVSS: 3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
PT-2022-02: XML External Entity (XXE)
Fix date: December 3, 2022
Vector: Remote
Systems affected: NetAct v 20.1
Vendor: Nokia
Medium (6,5) CVSS: 3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
PT-2022-01: XML External Entity (XXE)
Fix date: December 3, 2022
Vector: Remote
Systems affected: NetAct v 20.1
Vendor: Nokia
Medium (5,3) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
PT-2021-15: Denial of Service when Processing File with Incorrect Header Content in FX5U(C) CPU and FX5UJ CPU modules
Fix date: May 17, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
High (8,6) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
PT-2021-14: Integer Overflow Resulting in Reading and Writing Outside Memory Range Allocated to Device
Fix date: May 17, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
Medium (6,8) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-13: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules
Fix date: March 31, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
Medium (5,9) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2021-12: Authentication pypass by capture-replay in FX5U(C) CPU and FX5UJ CPU modules
Fix date: March 31, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
High (7,4) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
PT-2021-11: Possibility to access file 00000001.SYP with file password mechanism enabled in the FX5U(C) CPU and FX5UJ CPU modules
Fix date: March 31, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
High (7,4) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules
Fix date: March 31, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
Medium (5,9) CVSS: 3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
PT-2021-09: Possibility of authorization in Remote Password mechanism using password hash
Fix date: March 31, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
Medium (5,9) CVSS: 3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
PT-2021-08: Possibility of authorization in Remote Password mechanism using password hash in FX5U(C) CPU and FX5UJ CPU modules
Fix date: March 31, 2022
Vector: Remote
Systems affected: FX5U(C) CPU and FX5UJ CPU modules
Vendor: Mitsubishi Electric
Medium (5.3) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-07: GPay payments above NoCVM limits, CryptoATC out of order
Fix date: no patches available
Vector: Local
Systems affected: MasterCard Tokenisation Service (MDES)
Vendor: MasterCard
Notification status: October, 2021- Vendor notification date
Medium (4.9) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2021-06: Lack of integrity checks of the MCC field
Fix date: no patches available
Vector: Remote
Systems affected: Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor: EMVCo, Visa, MasterCard
Notification status: October, 2021- Vendor notification date
Medium (4.1) CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
PT-2021-05: Lack of Amount/CVMResults fields checking for Public Transport Schemes
Fix date: no patches available
Vector: Local
Systems affected: Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor: EMVCo
Notification status: October, 2021- Vendor notification date
Medium (4.9) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2021-04: AAC/ARQC cryptogram confusion
Fix date: no patches available
Vector: Remote
Systems affected: Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor: Visa Inc, MasterCard Inc.
Notification status: October, 2021- Vendor notification date
Medium (5.3) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-03: Apple Pay authentication and fields validation issues
Fix date: no patches available
Vector: Local
Systems affected: iOS/iPhone
Vendor: Apple Inc
Notification status: October, 2021- Vendor notification date
High (6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
Fix date: no patches available
Vector: Local
Systems affected: RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM)
Vendor: Diebold-Nixdorf
Notification status: July, 2018 - Vendor notification date
High (6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
Fix date: no patches available
Vector: Local
Systems affected: CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM)
Vendor: Diebold-Nixdorf
Notification status: July, 2018 - Vendor notification date
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Editor’s Choice