An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.

A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.

Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.