
2877 matches found

BDU FSTEC
added 2025/02/24 12:0 a.m. · 13 views

The vulnerability of the implementation of the Factory Interface Network Service (FINS) protocol in the microcomputer-based software for programmable logic controllers SYSMAC allows an intruder to gain unauthorized access to protected information and execute arbitrary commands.

The vulnerability of the Factory Interface Network Service FINS protocol implemented in SYSMAC programmable logic controllers is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to sensitive informati...

10 CVSS · 8 AI score · 0.01385 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2025/02/19 12:0 a.m. · 2 views

The vulnerability of Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapters and Broadcom NetXtreme-E family Ethernet controllers is related to buffer overflow in the stack. This allows attackers to trigger a service failure.

The vulnerability of Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapters and Broadcom NetXtreme-E family Ethernet controllers is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...

6 CVSS · 5.8 AI score
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2025/02/19 12:0 a.m. · 1 views

The vulnerability of Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter and Broadcom NetXtreme-E family Ethernet controllers is related to access control bugs, allowing attackers to gain access to protected information.

The vulnerability of the Broadcom P225p NetXtreme-E dual-port 10Gb/25Gb Ethernet PCIe adapter and Broadcom NetXtreme-E family Ethernet controllers is related to access control bugs. Exploiting this vulnerability can allow attackers to gain access to protected information...

3.2 CVSS · 5.5 AI score
Exploits 0 · References 3 · Affected Software 2

0day.today
added 2025/02/15 12:0 a.m. · 125 views

ABB Cylon FLXeon 9.3.4 Default Credentials Vulnerability

ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...

7.9 AI score
Exploits 0

0day.today
added 2025/02/15 12:0 a.m. · 194 views

ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability

ABB Cylon FLXeon version 9.3.4 has an issue where user sessions on controllers remain active for up to seven days, even after a client-side logout. ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FB...

7.3 AI score
Exploits 0

0day.today
added 2025/02/15 12:0 a.m. · 228 views

ABB Cylon FLXeon 9.3.4 cert.js System Logs Information Disclosure Vulnerability

ABB Cylon FLXeon version 9.3.4 has an issue where an authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for furth...

6.9 CVSS · 6.8 AI score · 0.02353 EPSS
Exploits 7

Packet Storm
added 2025/02/14 12:0 a.m. · 304 views

ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack

ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...

7.6 AI score
Exploits 0

Packet Storm
added 2025/02/13 12:0 a.m. · 262 views

ABB Cylon FLXeon 9.3.4 Session Persistence

ABB Cylon FLXeon version 9.3.4 has an issue where user sessions on controllers remain active for up to seven days, even after a client-side logout. ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FB...

7.3 AI score
Exploits 0

Packet Storm
added 2025/02/13 12:0 a.m. · 278 views

ABB Cylon FLXeon 9.3.4 Default Credentials

ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...

7.9 AI score
Exploits 0

Zero Science Lab
added 2025/02/13 12:0 a.m. · 295 views

ABB Cylon FLXeon 9.3.4 (app.js) Insecure CORS Configuration

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

5.8 AI score
Exploits 0

0day.today
added 2025/02/11 12:0 a.m. · 158 views

ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service (DoS) condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...

7.1 AI score
Exploits 0

Positive Technologies
added 2025/02/11 12:0 a.m. · 2 views

PT-2025-6314 · Microsoft · Digest Authentication +1

Name of the Vulnerable Software and Affected Versions: Microsoft Digest Authentication affected versions not specified Description: The issue allows remote attackers to execute arbitrary code and affect the system. It is noted that any authenticated attacker could trigger this issue on domain...

9 CVSS · 9.4 AI score · 0.02078 EPSS
Exploits 0 · References 7

BDU FSTEC
added 2025/02/10 12:0 a.m. · 1 views

The vulnerability of the firmware for programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the lack of origin verification in WebSockets. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the firmware of programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi is related to the lack of origin verification in WebSockets. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected...

9.7 CVSS · 7.7 AI score · 0.00884 EPSS
Exploits 4 · References 3 · Affected Software 11

BDU FSTEC
added 2025/02/10 12:0 a.m. · 3 views

The vulnerability of the firmware in programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi lies in the disclosure of information through log files. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the firmware of programmable logic controllers ABB FBXi, FBVi, FBTi, and CBXi relates to the disclosure of information through log files. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access t...

9.7 CVSS · 7.7 AI score · 0.02353 EPSS
Exploits 7 · References 3 · Affected Software 11

BDU FSTEC
added 2025/02/10 12:0 a.m. · 2 views

The vulnerability of the ABB ASPECT-Enterprise system for managing technological processes, as well as the firmware used for controllers of the ABB MATRIX and NEXUS series, stems from the use of hard-coded account data. This vulnerability allows an attacker to execute arbitrary code.

The vulnerability of the ABB ASPECT-Enterprise system for managing technological processes, as well as the firmware used for controllers of the ABB MATRIX and NEXUS series, stems from the use of hard-coded account data. Exploiting this vulnerability could allow a malicious actor to...

10 CVSS · 5.9 AI score · 0.00575 EPSS
Exploits 1 · References 2 · Affected Software 4

0day.today
added 2025/02/09 12:0 a.m. · 139 views

ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability

ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...

7.3 AI score
Exploits 0

RedhatCVE
added 2025/02/06 4:48 a.m. · 11 views

CVE-2021-37204

A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...

7.5 CVSS · 6.7 AI score · 0.02147 EPSS
Exploits 0

RedhatCVE
added 2025/02/05 4:31 p.m. · 7 views

CVE-2020-16231

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life...

8.8 CVSS · 7 AI score · 0.00784 EPSS
Exploits 0

RedhatCVE
added 2025/02/05 7:39 a.m. · 14 views

CVE-2024-23981

Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

9.3 CVSS · 7 AI score · 0.00183 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:32 a.m. · 8 views

CVE-2024-1480

Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication...

7.5 CVSS · 7 AI score · 0.00503 EPSS
Exploits 0 · References 1