CVE-2023-36859 — CVSS 8.8 (high): PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.
CVE-2023-35120 — CVSS 8.8 (high): PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to…
CVE-2023-32652 — CVSS 8.0 (high): PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.
CVE-2023-34995 — CVSS 7.5 (high): There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the…
CVE-2023-35765 — CVSS 6.5 (medium): PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.
CVE-2023-33868 — CVSS 5.9 (medium): The number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.