
1568 matches found

Circl
added 2021/01/20 6:40 p.m., 1 views

CVE-2021-2011

creationtimestamp | type | source
---|---|---
2021-01-20 18:40:43+00:00 | seen | https://t.me/cibsecurity/22408
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVSS 7.1 | AI score 6.8 | EPSS 0.02101
Exploits: 0 | References: 2

ICS
added 2021/01/19 12:0 a.m., 53 views

Reolink P2P Cameras

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Reolink Equipment: P2P protocol Vulnerabilities: Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...

CVSS 7.8 | AI score 8.1 | EPSS 0.00114
Exploits: 0 | References: 5

ICS
added 2021/01/12 12:0 a.m., 305 views

Schneider Electric EcoStruxure Power Build-Rapsody (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Power Build-Rapsody Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVSS 7.8 | AI score 8.4 | EPSS 0.01384
Exploits: 0 | References: 5

ICS
added 2021/01/05 12:0 a.m., 203 views

GE Reason RT43X Clocks

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Reason RT43X Clocks Vulnerabilities: Code Injection, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

CVSS 9.8 | AI score 7.8 | EPSS 0.03556
Exploits: 0 | References: 5

ICS
added 2020/12/01 12:0 a.m., 67 views

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

1. EXECUTIVE SUMMARY CVSS v3 7.4 Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows...

CVSS 7.8 | AI score 8.3 | EPSS 0.00038
Exploits: 0 | References: 5

CNVD
added 2020/11/23 12:0 a.m., 1 views

ZDCC VisualField suffers from local privilege escalation vulnerability

VisualField (VF for short) system software is a software package for control system configuration and monitoring for the ECS-700 system. ZDCC VisualField is vulnerable to a local privilege escalation vulnerability that can be exploited by an attacker to gain control of the server...

AI score 6.9
Exploits: 0

ThreatPost
added 2020/11/17 10:38 p.m., 70 views

Multiple Industrial Control System Vendors Warn of Critical Bugs

Industrial control system firms Real Time Automation and Paradox both warned of critical vulnerabilities Tuesday that opened systems up to remote attacks by adversaries. Flaws are rated 9.8 out of 10 in severity by the industry standard Common Vulnerability Scoring System. The Real Time Automatio...

AI score 0.3 | EPSS 0.0143
Exploits: 0 | References: 16

CNNVD
added 2020/11/17 12:0 a.m., 3 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System (IGSS) is a supervisory control and data acquisition (SCADA) system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...

CVSS 7.8 | AI score 7.8 | EPSS 0.0066
Exploits: 0 | References: 5

CNNVD
added 2020/11/17 12:0 a.m., 3 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

Schneider Electric Interactive Graphical SCADA System (IGSS) is a supervisory control and data acquisition (SCADA) system for monitoring and controlling industrial processes from Schneider Electric, France. An out-of-bounds write vulnerability exists in Interactive Graphical SCADA System version...

CVSS 7.8 | AI score 7.5 | EPSS 0.0066
Exploits: 0 | References: 5

Pen Test Partners Blog
added 2020/11/10 7:30 a.m., 26 views

Snakes and Ladder Logic

A click to a reverse shell in OpenPLC and ladder logic OR Why you shouldn’t run everything as root in PLC and RTUs. TL;DR Most of the RTUs and PLCs that run a Unix based OS that we test, and some devices on Windows that we’ve tested on maritime engagements, run as root and/or admin. They al...

AI score 7.3
Exploits: 0

ICS
added 2020/11/10 12:0 a.m., 68 views

ICSA-20-315-01_OSIsoft PI Interface for OPC XML-DA

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Interface Vulnerability: Numeric Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker-controlled OPC XML-DA Server to respond with a...

CVSS 9.3 | AI score 9 | EPSS 0.68285
Exploits: 1 | References: 2

Gitee
added 2020/11/09 4:57 p.m., 2 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several sections, including a directory of...

AI score 6.9
Exploits: 0

CNVD
added 2020/11/08 12:0 a.m., 1 views

Denial of Service Vulnerability in Honeywell DCS C300 Controller (CNVD-2020-67879)

The CC-PCNT02 is a controller for Honeywell DCS C300 systems that supports Ethernet communication. A denial of service vulnerability exists in the Honeywell DCS C300 controller that can be exploited by an attacker to cause a denial of service...

AI score 6.7
Exploits: 0

CNVD
added 2020/11/08 12:0 a.m., 1 views

Denial of Service Vulnerability in Honeywell DCS C300 Controller (CNVD-2020-67880)

The CC-PCNT02 is a controller for Honeywell DCS C300 systems that supports Ethernet communication. A denial of service vulnerability exists in the Honeywell DCS C300 controller that can be exploited by an attacker to cause a denial of service...

AI score 6.7
Exploits: 0

NVD
added 2020/11/06 12:15 p.m., 9 views

CVE-2020-10291

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00301
Exploits: 0 | References: 1

OSV
added 2020/11/06 12:15 p.m., 3 views

CVE-2020-10292

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

CVSS 8.2 | AI score 7.4 | EPSS 0.0059
Exploits: 0 | References: 1

Prion
added 2020/11/06 12:15 p.m., 19 views

Design/Logic Flaw

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

CVSS 5 | AI score 7.4 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/11/06 12:15 p.m., 11 views

Stack overflow

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

CVSS 5 | AI score 8 | EPSS 0.0059
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/11/06 11:20 a.m., 39 views

CVE-2020-10291

CVE-2020-10291 concerns Visual Components’ network license server used by KUKA simulators. The server binds UDP port 5093 on all interfaces without authentication, exposing sensitive system information via RMS Sentinel’s license protocol. The disclosed data includes hardware/OS characteristics an...

CVSS 7.5 | AI score 7.5 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/11/06 11:20 a.m., 43 views

CVE-2020-10292

CVE-2020-10292 affects Visual Components (KUKA) network license server used by Visual Components software. The RMS Sentinel license manager listens on UDP 5093 and exposes sensitive system information without authentication. A DoS is possible via an arbitrary pointer dereference in the decrypted ...

CVSS 8.2 | AI score 8.1 | EPSS 0.0059
Exploits: 0 | References: 1 | Affected Software: 1