Vulnerabilities (CVE)

Filtered by vendor Opto22 Subscribe
Filtered by product Snap Pac S1
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40710 1 Opto22 2 Snap Pac S1, Snap Pac S1 Firmware 2024-11-21 N/A 6.8 MEDIUM
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b
CVE-2023-40709 1 Opto22 2 Snap Pac S1, Snap Pac S1 Firmware 2024-11-21 N/A 6.8 MEDIUM
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b
CVE-2023-40708 1 Opto22 2 Snap Pac S1, Snap Pac S1 Firmware 2024-11-21 N/A 5.8 MEDIUM
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.
CVE-2023-40707 1 Opto22 2 Snap Pac S1, Snap Pac S1 Firmware 2024-11-21 N/A 8.6 HIGH
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials.
CVE-2023-40706 1 Opto22 2 Snap Pac S1, Snap Pac S1 Firmware 2024-11-21 N/A 8.6 HIGH
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login.