
2877 matches found

RedhatCVE
added 2025/05/23 1:10 a.m. | 5 views

CVE-2022-33971

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow ...

CVSS 7.5 | AI score 7 | EPSS 0.01033
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 1:4 a.m. | 15 views

CVE-2022-28709

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access...

CVSS 4.4 | AI score 6.6 | EPSS 0.00191
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:8 a.m. | 6 views

CVE-2022-25922

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions...

CVSS 9.1 | AI score 7.2 | EPSS 0.01145
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:51 p.m. | 7 views

CVE-2022-30997

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware...

CVSS 9 | AI score 7 | EPSS 0.01141
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:48 p.m. | 8 views

CVE-2022-29962

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

CVSS 7.5 | AI score 6.4 | EPSS 0.01319
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:40 p.m. | 7 views

CVE-2022-28148

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows...

CVSS 6.5 | AI score 6.6 | EPSS 0.01764
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:18 p.m. | 4 views

CVE-2022-48325

Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id,...

CVSS 6.1 | AI score 6.7 | EPSS 0.00637
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:14 p.m. | 7 views

CVE-2022-1797

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownloa...

CVSS 8.6 | AI score 6.7 | EPSS 0.01919
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 10:10 p.m. | 7 views

CVE-2022-39272

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interv...

CVSS 5 | AI score 4.9 | EPSS 0.00606
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:0 p.m. | 2 views

CVE-2021-20611

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120ENCPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series R16/32/64MTCPU, MELSEC...

CVSS 7.8 | AI score 6.9 | EPSS 0.02988
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:0 p.m. | 4 views

CVE-2021-20826

Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...

CVSS 7.6 | AI score 6.8 | EPSS 0.0039
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:58 p.m. | 3 views

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

CVSS 7.5 | AI score 6.9 | EPSS 0.00588
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:9 p.m. | 4 views

CVE-2021-38448

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software...

CVSS 7.6 | AI score 6.9 | EPSS 0.00272
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:34 p.m. | 5 views

CVE-2021-32926

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller Micro800: Al...

CVSS 7.5 | AI score 6.7 | EPSS 0.02188
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:52 p.m. | 2 views

CVE-2020-8691

A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...

CVSS 6.7 | AI score 7 | EPSS 0.00371
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:49 p.m. | 15 views

CVE-2020-7543

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...

CVSS 7.5 | AI score 6.9 | EPSS 0.01311
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:48 p.m. | 6 views

CVE-2020-7488

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers...

CVSS 7.5 | AI score 6.4 | EPSS 0.00847
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:46 p.m. | 5 views

CVE-2020-6980

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a...

CVSS 3.3 | AI score 6.6 | EPSS 0.00415
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:13 p.m. | 7 views

CVE-2020-12296

Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access...

CVSS 5.5 | AI score 6.4 | EPSS 0.00219
Exploits: 0
RedhatCVE
added 2025/05/22 4:5 p.m. | 9 views

CVE-2020-24505

Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access...

CVSS 4.4 | AI score 6.5 | EPSS 0.00241
Exploits: 0