Control
This hub aggregates every CVE we track for Control, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
3
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM4CRITICAL3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Control.
- CVE-2023-25718In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as ins...9.8
- CVE-2023-25719ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflect...8.8
- CVE-2021-36763In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.7.5
- CVE-2021-33485CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.9.8
- CVE-2019-16515An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.6.5
- CVE-2019-16516An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with c...5.3
- CVE-2019-16514An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZI...7.2
- CVE-2019-16517An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This al...9.8
- CVE-2019-16512An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.4.8
- CVE-2019-16513An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.8.8
- CVE-2014-3857Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via ...6.5
Product normalization is registry-driven with AI assist and human review. How it works