1568 matches found
The vulnerability of the Foxboro.sys driver of the distributed system management software EcoStruxure™ Foxboro DCS Control Core Services allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the Foxboro.sys driver, a microprogramming software component of the distributed control system EcoStruxure™ Foxboro DCS Control Core Services, is related to unvalidated array indexing. Exploiting this vulnerability can allow an attacker to cause service failures or execute...
CVE-2023-3670
creationtimestamp | type | source
---|---|---
2023-07-28 12:29:20+00:00 | seen | https://t.me/cibsecurity/67361
2026-03-17 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...
The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow an intruder to execute arbitrary code.
The vulnerability of microprogrammed software in Honeywell Experion PKS programmable logic controllers, as well as in measurement and control controllers Experion LX, and the distribution control system Experion PlantCruise, is related to buffer overflow in dynamic memory. Exploiting this...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2424)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Emerson ROC800 Series RTU and DL8000 Preset Controller
1. EXECUTIVE SUMMARY: CVSS v3 9.4. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Emerson. Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers. Vulnerability: Authentication Bypass. 2. RISK EVALUATION: Successful exploitation of this vulnerability...
Code injection
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash...
PT-2023-26409 · Crestron · Crestron 3-Series Control Systems
Name of the Vulnerable Software and Affected Versions: Crestron 3-Series Control Systems versions prior to 1.8001.0187. Description: The issue allows an attacker to cause a crash by crafting and sending a specific BACnet packet. Recommendations: For Crestron 3-Series Control Systems versions prior...
The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access (formerly Citrix Gateway), is related to improper code generation. This allows a malicious individual to execute arbitrary code.
The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access (formerly Citrix Gateway), is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by having the user navigate to a...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2332)
The remote host is missing an update for the Huawei EulerOS...
Hitachi Energy Relion 670, 650, SAM600-IO Series (Update A)
SUMMARY: Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the OSS component OpenSSL that affects the Relion 670, 650, SAM600-IO versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to...
Hitachi Energy GMS600
SUMMARY: Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the OSS component OpenSSL that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...
The vulnerability of the web interface of the ABB My Control System platform, related to the insecure storage of confidential information, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the web interface of the ABB My Control System platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Eaton 9000X Drive Stack-Based Buffer Overflow (CVE-2018-8847)
Eaton 9000X DriveA versions 2.0.29 and prior have a stack-based buffer overflow vulnerability, which may allow remote code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Schneider Electric EcoStruxure Foxboro DCS Buffer Error Vulnerability
The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A buffer overflow vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Control Core Services, which originates from a boundary error wh...
Siemens SIMATIC WinCC Local Code Execution Vulnerability
SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. A local code execution vulnerability exists in Siemens SIMATIC WinCC, which can be exploited by an attacker to inject arbitrary code and escalate privileges...
Schneider Electric EcoStruxure Foxboro DCS Input Validation Error Vulnerability
The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Control Core Services, which stems from incorrect...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2023-2152)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Linux kernel's implementation of RDMA over InfiniBand. An attacker with a privileged local account can leak kernel stack...
The vulnerability of the Advantech WebAccess/SCADA system, related to the unrestricted upload of files of a dangerous type, allows an intruder to execute arbitrary code.
The vulnerability of the Advantech WebAccess/SCADA system is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-2866
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...
Horner Automation Cscape Buffer Error Vulnerability
Horner Automation Cscape is a suite of programming software for industrial control system development from Horner Automation, USA. A buffer error vulnerability exists in Horner Automation Cscape v9.90 SP8 and Cscape EnvisionRV v4.70, which stems from a lack of proper validation of user-supplied...