GCVE - cpe:2.3:a:danfoss:ak-em100:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:danfoss:ak-em100:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Danfoss (`4a381c1e-2f85-5f8c-b4e6-c3ced60eda9c`)
Product	Ak Em100 (`77c08370-bb7e-5ca9-a63c-7c75c16df96d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-25912`	vulnerable	2026-06-08 05:56:10.760517	Webreport disclosure to unauthorized actor in Danfoss AK-EM100 MEDIUM (5.3) The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values. Published: 2023-06-11T13:17:01.462Z Updated: 2025-01-09T07:56:42.597Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-25912/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-25911`	vulnerable	2026-06-08 05:56:10.758713	Authenticated OS Command Injection in Danfoss AK-EM100 CRITICAL (9.9) The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters. Published: 2023-06-11T13:17:02.850Z Updated: 2025-01-09T07:56:42.059Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-25911/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-22586`	vulnerable	2026-06-08 05:54:26.531051	Local File Inclusion in Danfoss AK-EM100 HIGH (7.7) The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter. Published: 2023-06-11T13:17:01.615Z Updated: 2025-01-09T07:56:41.684Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-22586/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-22585`	vulnerable	2026-06-08 05:54:26.530672	Reflected Cross-Site Scripting in Danfoss AK-EM100 CRITICAL (9) The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter. Published: 2023-06-11T13:17:01.771Z Updated: 2025-01-09T07:56:42.249Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-22585/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-22584`	vulnerable	2026-06-08 05:54:26.530275	Cleartext credentials in Danfoss AK-EM100 HIGH (7.5) The Danfoss AK-EM100 stores login credentials in cleartext. Published: 2023-06-11T13:17:01.948Z Updated: 2025-01-09T07:56:42.422Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-22584/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-22583`	vulnerable	2026-06-08 05:54:26.529846	SQL Injection in Danfoss AK-EM100 CRITICAL (10) The Danfoss AK-EM100 web forms allow for SQL injection in the login forms. Published: 2023-06-11T13:17:02.674Z Updated: 2025-01-09T07:56:41.855Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-22583/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-22582`	vulnerable	2026-06-08 05:54:26.527857	Reflected Cross-Site Scripting in Danfoss AK-EM100 CRITICAL (9) The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting. Published: 2023-06-11T13:17:02.415Z Updated: 2025-01-09T07:56:41.506Z Open on db.gcve.eu Reference links https://csirt.divd.nl/CVE-2023-22582/ https://csirt.divd.nl/DIVD-2023-00021/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.