
2877 matches found

Tenable Nessus
added 2023/04/13 12:00 a.m., 27 views

FANUC Robot Controllers Integer Coercion Error (CVE-2021-32996)

The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.8 | AI score 7.4 | EPSS 0.01057
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/13 12:00 a.m., 26 views

FANUC Robot Controllers Out-of-Bounds Write (CVE-2021-32998)

The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

CVSS 8.8 | AI score 7.4 | EPSS 0.01183
Exploits: 0 | References: 2

Microsoft KB
added 2023/04/11 7:00 a.m., 293 views

April 11, 2023—KB5025230 (OS Build 20348.1668)

April 11, 2023—KB5025230 OS Build 20348.1668 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...

CVSS 9.8 | AI score 8.1 | EPSS 0.95454
Exploits: 31

Prion
added 2023/04/07 3:15 a.m., 9 views

Remote code execution

CodeFever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php...

CVSS 6.5 | AI score 9 | EPSS 0.01502
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/04/07 12:00 a.m., 48 views

CVE-2023-26817

CVE-2023-26817 concerns CodeFever before 2023.2.7-commit-b1c2e7f, with a remote code execution flaw in the component /controllers/api/user.php. Multiple connected sources corroborate the RCE in this version range and cite a high impact (CVSS 3.1: 8.8, HIGH) with NETWORK attack vector and LOW priv...

CVSS 8.8 | AI score 9.4 | EPSS 0.01502
Exploits: 1 | References: 1 | Affected Software: 1

BDU FSTEC
added 2023/04/03 12:00 a.m., 1 view

A vulnerability in the firmware of logic controllers for building and facility control systems, such as Schneider Electric’s spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk, allows attackers to alter the configuration of the system.

The vulnerability in the firmware of logic controllers used in building and facility control systems, such as Schneider Electric’s spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk, is related to the exploitation of cross-site requests. Exploiting this vulnerability allows ...

CVSS 10 | AI score 7.4 | EPSS 0.004
Exploits: 0 | References: 2 | Affected Software: 3

BDU FSTEC
added 2023/03/30 12:00 a.m., 4 views

A vulnerability in the firmware of Schneider Electric’s spaceLYnk and homeLYnk logic controllers allows a hacker to compromise the device during the initial setup process.

The vulnerability in the firmware of Schneider Electric’s spaceLYnk and homeLYnk logic controllers is related to the lack of protection for operational data. Exploiting this vulnerability allows a remote attacker to compromise the device during the initial setup process...

CVSS 5 | AI score 6.3 | EPSS 0.00817
Exploits: 0 | References: 3 | Affected Software: 2

CNNVD
added 2023/03/29 12:00 a.m., 6 views

ABB Freelance controllers security vulnerability

ABB Freelance controllers is an industrial automation control system from ABB designed to monitor and control industrial processes. A security vulnerability exists in ABB Freelance controllers. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the...

CVSS 8.6 | AI score 7.3 | EPSS 0.00406
Exploits: 0 | References: 2

CNNVD
added 2023/03/29 12:00 a.m., 4 views

ABB Freelance controllers security vulnerability

ABB Freelance controllers is an industrial automation control system from ABB designed to monitor and control industrial processes. A security vulnerability exists in ABB Freelance controllers. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the...

CVSS 8.6 | AI score 7.3 | EPSS 0.004
Exploits: 0 | References: 2

Tenable Nessus
added 2023/03/29 12:00 a.m., 24 views

Wago Controllers OS Command Injection (CVE-2020-12522)

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 750-81xx/xxx-xxx, Series PFC 200 750-82xx/xxx-xxx, Series Wago Touch Panel 600 Standard Line 762-4xxx, Series Wago Touch Panel 600 Advanced Line...

CVSS 10 | AI score 8.6 | EPSS 0.02902
Exploits: 0 | References: 2

BDU FSTEC
added 2023/03/28 12:00 a.m., 3 views

The vulnerability of Merten KNX programmable logic controllers is related to deficiencies in authentication procedures, allowing attackers to gain access to the devices.

The vulnerability of Merten KNX programmable logic controllers is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the device...

CVSS 8.3 | AI score 7.6 | EPSS 0.00358
Exploits: 0 | References: 2 | Affected Software: 7

BDU FSTEC
added 2023/03/28 12:00 a.m., 3 views

A vulnerability in the server-side components of the web interface for controlling programmable logic controllers such as WAGO PFC100/PFC200, CC100, and Edge Controller, and in the firmware of touch panels such as WAGO Touch Panel 600, allows attackers to carry out cross-site scripting attacks.

The vulnerability in the server-side components of the web interface for controlling programmable logic controllers such as WAGO PFC100/PFC200, CC100, and Edge Controller, as well as touch panels such as WAGO Touch Panel 600, exists due to the lack of protective measures for the web page structure...

CVSS 6.4 | AI score 6.4 | EPSS 0.00375
Exploits: 0 | References: 2

BDU FSTEC
added 2023/03/28 12:00 a.m., 3 views

A vulnerability in the firmware of Triconex Model 3009/3009X MP processors and the Tricon Communications Module, related to insufficient testing of exceptional states, allows an intruder to trigger a service failure.

The vulnerability in the firmware of the Triconex Model 3009/3009X MP processors and the Tricon Communications Module is related to insufficient testing of exceptional states. Exploiting this vulnerability can allow attackers to trigger service failures using specially crafted...

CVSS 4.3 | AI score 5.4 | EPSS 0.00246
Exploits: 0 | References: 3 | Affected Software: 6

OSV
added 2023/03/24 8:15 p.m., 2 views

CVE-2023-21015

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7.2 | EPSS 0.0009
Exploits: 0 | References: 1

NVD
added 2023/03/24 8:15 p.m., 15 views

CVE-2023-21015

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7.8 | EPSS 0.0009
Exploits: 0 | References: 1

OSV
added 2023/03/24 8:15 p.m., 2 views

CVE-2023-21005

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7.2 | EPSS 0.0009
Exploits: 0 | References: 1

OSV
added 2023/03/24 8:15 p.m., 3 views

CVE-2023-21004

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7.2 | EPSS 0.0009
Exploits: 0 | References: 1

NVD
added 2023/03/24 8:15 p.m., 11 views

CVE-2023-21004

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7.8 | EPSS 0.0009
Exploits: 0 | References: 1

NVD
added 2023/03/24 8:15 p.m., 10 views

CVE-2023-21003

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7.8 | EPSS 0.0009
Exploits: 0 | References: 1

Prion
added 2023/03/24 8:15 p.m., 13 views

Design/Logic Flaw

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 4.3 | AI score 7.7 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1