1568 matches found
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element (CVE-2020-25182)
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
Schneider Electric Cleartext Transmission of Sensitive Information in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
Elcomplus SmartPPT Cross-Site Scripting Vulnerability
Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus USA. A cross-site scripting vulnerability exists in SmartPPT SCADA Server version v1.4, which allows an authenticated attacker to inject arbitrary JavaScript into critical parameters...
CVE-2021-46662
creationtimestamp | type | source
---|---|---
2022-04-17 20:59:51+00:00 | seen | https://t.me/cibsecurity/36611
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27447
creationtimestamp | type | source
---|---|---
2022-04-17 00:02:20+00:00 | seen | https://t.me/cibsecurity/40769
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27448
creationtimestamp | type | source
---|---|---
2022-04-14 16:19:05+00:00 | seen | https://t.me/cibsecurity/40761
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27457
creationtimestamp | type | source
---|---|---
2022-04-14 16:19:00+00:00 | seen | https://t.me/cibsecurity/40758
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27445
creationtimestamp | type | source
---|---|---
2022-04-14 16:18:55+00:00 | seen | https://t.me/cibsecurity/40753
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system (ICS) devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...
CVE-2022-27381
creationtimestamp | type | source
---|---|---
2022-04-13 00:17:09+00:00 | seen | https://t.me/cibsecurity/40687
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27387
creationtimestamp | type | source
---|---|---
2022-04-13 00:17:06+00:00 | seen | https://t.me/cibsecurity/40685
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Siemens TIA Administrator Denial of Service Vulnerability
SIMATIC PCS neo is a distributed control system (DCS). TIA Administrator is a web-based framework. Siemens Network Planner SINETPLAN supports you as a planner of PROFINET-based automation systems. TIA Portal is a PC A denial of service vulnerability exists in Siemens TIA Administrator, which can be...
Siemens Mendix
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows an intruder to trigger a service failure.
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a...
CVE-2022-21235
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection...
GHSA-6635-C626-VJ4R Command Injection Vulnerability with Mercurial in VCS
URLs and local file paths passed to the Mercurial hg APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The vcs package uses the underlying version control system, in this case hg, to implement the needed functionalit...
Philips e-Alert
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to...
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software...
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), related to reading data beyond the specified buffer, allows an intruder to trigger a service failure.
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), is related to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause a service failure...
The vulnerability of the authenticated user authentication mechanism in the Yokogawa CENTUM VP SCADA system allows an intruder to disclose the protected information.
The vulnerability of the predefined user authentication mechanism in the Yokogawa CENTUM VP SCADA system is related to deficiencies in the authentication procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose the protected information...