Kevinlab 4St L-Bems vulnerabilities
3 known vulnerabilities affecting kevinlab/4st_l-bems.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-37291P1CRITICALCVSS 9.8ExploitedPoCv1.0.02022-04-11
CVE-2021-37291 [CRITICAL] CWE-89 CVE-2021-37291: An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.
nvd
CVE-2021-37292P3HIGHCVSS 7.2PoCv1.0.02022-04-11
CVE-2021-37292 [HIGH] CVE-2021-37292: An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.
nvd
CVE-2021-37293P3MEDIUMCVSS 6.5v1.0.02022-04-11
CVE-2021-37293 [MEDIUM] CWE-22 CVE-2021-37293: A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEM
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
nvd