Memory corruption

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

Honeywell Safety Manager 数据伪造问题漏洞

Honeywell Safety Manager is used by Honeywell to minimize accidents, maximize production uptime, reduce compliance costs, and manage plant safety. A data forgery issue vulnerability exists in all versions of Honeywell Safety Manager, which arises from the use of an unauthenticated Safety Builder...

Multiple vulnerabilities in IDEC PLCs

Overview Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below. Unprotected transport of credentials CWE-523 - CVE-2021-37400 Plaintext storage of a password CWE-256 - CVE-2021-37401 Unprotected transport of credentials CWE-523 - CVE-2021-20826 Plaintext storage...

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

IDEC PLC安全漏洞

The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that could allow an attacker to obtain PLC web server user credentials from the communication between the PLC and the software. The following products and versions are affected: FC6A Series MICROSmart...

Mitsubishi Electric MELSEC iQ-R Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-R Series CPU Module Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

CLICK PLC CPU Modules 授权问题漏洞

CLICK PLC CPU Modules are Automation Direct's network devicesA single CLICK CPU Module can be connected to up to eight I/O modules to expand the number of system I/O and meet the needs of a specific application. An authorization issue vulnerability exists in Automation Direct CLICK PLC CPU Module...

MELSEC iQ-R Series CPU Modules vulnerable to uncontrolled resource consumption

Overview MELSEC iQ-R series CPU modules provided by Mitsubishi Electric Corporation contain an uncontrolled resource consumption vulnerability CWE-400. According to the developer, in case of "To Use or Not to Use Web Server Settings" in the parameter of CPU modules are set to "Not Use", this issu...

Mitsubishi Electric MELSEC iQ-R, Q, and L Series (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, Q, and L Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Modicon M340 BMX P34 CPU Module Detection

Binary data 35.prm...

Emerson 396879-11-0-3 ControlWave Micro CPU module Detection

Binary data 756502.prm...

Emerson 396359-25-6 ControlWave CPU module Detection

Binary data 756535.prm...

Denial of Service Vulnerability in S7 300 CPU319-3/CP343-1

Siemens China Ltd. is focused on electrification, automation and digitalization. A denial of service vulnerability exists in S7 300 CPU319-3/CP343-1, where an attacker can cause the PLC CPU module and CP module to go down, requiring a manual reboot of the PLC to recover. Other sub-function codes...

Schneider Electric Devices Detection (Modbus)

Modbus protocol-based detection of Schneider Electric devices. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...