CWE-668

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.’s PLC MAC1100.

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component “/public/index.php”.

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component “/nonecms/vendor”.

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.

The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user.

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.