Siemens Industrial Product Denial of Service Vulnerability

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers, such as Modicon M340 and Modicon Quantum/Premium, arises from the possibility of an operation exceeding the buffer limits. This allows a malicious actor to trigger a service failure.

The vulnerability of microprogrammed software in Schneider Electric Modicon M340 and Modicon Quantum/Premium programmable logic controllers lies in the execution of operations outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to cause service failures by...

PT-2022-27942 · Allen Bradley · Micrologix 1400 +1

Name of the Vulnerable Software and Affected Versions: MicroLogix 1100 and 1400 controllers affected versions not specified Description: The issue is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver of the controllers. This may allow an attacker to accomplish...

Siemens SIMATIC Drive Controller 输入验证错误漏洞

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

Siemens SIMATIC Drive Controller 输入验证错误漏洞

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

Siemens SIMATIC Drive Controller 安全漏洞

SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...

CVE-2022-37908

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller...

CVE-2022-37904

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

CVE-2022-37905

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

CVE-2022-37905

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

CVE-2022-37904

Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...

Design/Logic Flaw

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller...

Design/Logic Flaw

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service DoS condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller...

CISA Releases Three Industrial Control Advisories

CISA has released three 3 Industrial Control Systems ICS advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...

Rockwell Automation Logix controllers

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-2796)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function areacacheget of the file...

PT-2024-11847 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a crash when replugging CSR fake controllers in the Linux kernel's Bluetooth component. It seems that fake CSR 5.0 clones can cause the suspend notifier to be...

[ZZ-004] During the deprecation period where both .eth registrar controllers are active, a crafted hack can be launched and cause the same malicious consequences of [ZZ-001] even if [ZZ-001] is properly fixed

Severity: High Status: Has not been reported Description, Specifically, according to the documentation, there will be a deprecation period that two types of .eth registrar controllers are active. Names can be registered as normal using the current .eth registrar controller. However, the new .eth...

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology OT products from CODESYS and Festo that could lead to source code tampering and denial-of-service DoS. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of...

Realtek RTL8111EP-CG and RTL8168FP-CG Trust Management Issue Vulnerability

The Realtek RTL8111EP-CG and Realtek RTL8168FP-CG are both Ethernet controllers. A trust management issue vulnerability exists in Realtek RTL8111EP-CG, RTL8111FP-CG Firmware versions prior to 3.0.0.2019090, which stems from the Dash feature having a hard-coded password that can be exploited by an...