The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to alter the “notes” section on the web interface’s home page.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability could allow a malicious actor to modify the “notes” section on the web interface’s home page using a specially created package...

CVE-2022-29519

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware...

Hardcoded credentials

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware...

Design/Logic Flaw

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware...

CVE-2022-29519

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware...

CVE-2022-34134

Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /application/controllers/Users.php...

The vulnerability of the implementation of the Safety Builder protocol for Safety Manager controller devices allows a intruder to execute arbitrary code.

The vulnerability of the implementation of the Safety Builder protocol for Safety Manager controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code...

The vulnerabilities of embedded images of microprogrammed control systems for DeltaV M-series/S-series/P-series controllers, as well as the DeltaV/Ovation SIS emergency protection system, allow attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of embedded images of microprogrammed control systems for DeltaV M-series/S-series/P-series controllers, as well as of the emergency protection system DeltaV/Ovation SIS, is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a maliciou...

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller allows a perpetrator to disclose protected information.

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller is related to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

The vulnerability of the implementation of the ROC protocol for microprogrammed logic controllers FloBoss allows a intruder to gain unauthorized access to protected information.

The vulnerability of the ROC protocol implementation in FloBoss microprogrammed logic controllers is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller allows a perpetrator to disclose protected information.

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller is related to the transmission of critical information in open text. Exploiting this vulnerability can allow a malicious actor to disclose the protected...

The vulnerability of microprogrammed software in PACsystems programmable logic controllers, related to insufficient verification of data authenticity, allows a intruder to execute arbitrary code.

The vulnerability of microprogrammed programmable logic controllers from PACsystems is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially crafted file written in...

The vulnerability of the Honeywell Modbus TCP protocol and the Safety Builder controller devices for emergency protection systems like Safety Manager, as well as the micro-programmed software for programmable logic controllers like Honeywell Experion PKS, allows a intruder to alter the device’s configuration.

The vulnerability of Honeywell Modbus TCP and Safety Builder controllers’ anti-disaster protection devices, such as Safety Manager and Honeywell Experion PKS programmable logic controllers, is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an...

The vulnerability of embedded images of PACsystems programmable logic controllers allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of embedded images of PACsystems programmable logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...

The vulnerability of the implementation of the SRTP protocol in microprogrammed software for programmable logic controllers PACsystems allows a intruder to gain unauthorized access to protected information.

The vulnerability of the SRTP protocol implementation in PACsystems microprogrammed logic controllers involves the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of microprogrammed logic controllers based on TOYOPUC software, related to insufficient verification of data authenticity, allows attackers to execute arbitrary code.

The vulnerability of microprogrammed programmable logic controllers based on TOYOPUC is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

The vulnerability of the embedded images of microprogrammed logic controllers ACE1000 allows a hacker to execute arbitrary code.

The vulnerability of embedded images of microprogrammed logic controllers ACE1000 is related to deficiencies in the algorithm for calculating the check sum. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the microprogrammed software of the SYSMAC programmable logic controllers series CS1/CJ1/CP1/CP2 lies in the transmission of confidential information in open text, allowing an intruder to gain unauthorized access to the protected information.

The vulnerability of the microprogramming software used in SYSMAC programmable logic controllers of the CS1/CJ1/CP1/CP2 series is related to the transmission of confidential information in open text format. Exploiting this vulnerability can allow an unauthorized person to gain unauthorized access...

The vulnerability of the S-Bus protocol implementation in microprogrammed programmable logic controllers (PCD controllers) allows attackers to circumvent the “white list” restrictions and enhance their privileges.

The vulnerability of the S-Bus protocol implementation in microprogrammed programmable logic controllers PCD controllers is related to errors in processing the “white list”. Exploiting this vulnerability can allow an attacker to bypass the restrictions of the “white list” and enhance their...

The vulnerability of the microprogrammed logic controllers ACE1000, related to the use of rigidly encrypted account data for five SSH accounts, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the microprogrammed logic controllers ACE1000 relates to the use of rigidly encoded credentials for five SSH accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...