Opc Security Vulnerabilities
A local attacker can gain administrative privileges by inserting an executable file in the path of the affected...
7.8CVSS
8.2AI Score
0.0004EPSS
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all.....
7.5CVSS
7.7AI Score
0.001EPSS
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2...
9.8CVSS
9.6AI Score
0.002EPSS
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description...
5.3CVSS
5.3AI Score
0.0005EPSS
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on...
7.5CVSS
7.5AI Score
0.0005EPSS
Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be...
7.5CVSS
7.3AI Score
0.001EPSS
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to...
7.5CVSS
7.5AI Score
0.001EPSS
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak...
9.1CVSS
9.2AI Score
0.001EPSS
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read.....
7.5CVSS
7.3AI Score
0.0004EPSS
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...
7.2CVSS
6.2AI Score
0.0004EPSS
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the...
5.5CVSS
5.5AI Score
0.001EPSS
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local...
5.5CVSS
5.2AI Score
0.0004EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of...
7.5CVSS
7.5AI Score
0.003EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
7.5CVSS
7.5AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack....
9.1CVSS
9.4AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack....
9.8CVSS
9.6AI Score
0.004EPSS
In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the...
7.8CVSS
7.7AI Score
0.0004EPSS
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO...
7.8CVSS
7.6AI Score
0.001EPSS
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
8.6CVSS
7.7AI Score
0.006EPSS
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data...
7.5CVSS
7.7AI Score
0.001EPSS
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified...
8.3AI Score
0.006EPSS
Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute...
8.6AI Score
0.011EPSS
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client...
6.8AI Score
0.001EPSS
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 do not properly handle exceptions, which allows remote attackers to cause a denial of service (application crash) or possibly execute...
8.2AI Score
0.004EPSS
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text....
6.8AI Score
0.001EPSS
MatrikonOPC SCADA DNP3 OPC Server 1.2.0 allows remote attackers to cause a denial of service (master-station daemon crash) via a malformed DNP3 TCP packet from the IP address of an...
6.8AI Score
0.002EPSS
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA...
7.5CVSS
7.4AI Score
0.001EPSS
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks...
7.5CVSS
7.5AI Score
0.001EPSS
Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as admin and password as admin. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the...
9.8CVSS
9.4AI Score
0.002EPSS
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server...
7.5CVSS
7.4AI Score
0.003EPSS
A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server...
7.5CVSS
7.4AI Score
0.002EPSS
A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server...
7.5CVSS
7.4AI Score
0.002EPSS
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may.....
5.7CVSS
5.3AI Score
0.001EPSS
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file.....
7.2CVSS
7AI Score
0.002EPSS
Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference...
7.5CVSS
7.4AI Score
0.002EPSS
A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server...
7.5CVSS
7.4AI Score
0.003EPSS
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server...
7.2CVSS
7.4AI Score
0.001EPSS
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface (23/TCP) on M-series and SIS (CSLS/LSNB/LSNG) nodes is controlled by means of utility passwords. These...
5.5CVSS
5.3AI Score
0.004EPSS
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from...
5.5CVSS
5.2AI Score
0.004EPSS
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from...
5.5CVSS
5.2AI Score
0.004EPSS
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from...
5.5CVSS
5.2AI Score
0.004EPSS
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon...
7.5CVSS
7.4AI Score
0.001EPSS
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H)...
7.5CVSS
7.4AI Score
0.001EPSS
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and...
7.5CVSS
7.3AI Score
0.001EPSS
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module...
7.5CVSS
7.3AI Score
0.001EPSS
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon...
5.5CVSS
5.2AI Score
0.001EPSS
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10...
7.5CVSS
7.4AI Score
0.001EPSS
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and...
7.5CVSS
7.4AI Score
0.001EPSS