2877 matches found

RedhatCVE
added 2025/02/05 1:10 a.m. | 7 views

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker...

CVSS 7.4 | AI score 6.9 | EPSS 0.00322
Exploits 0 | References 1
RedhatCVE
added 2025/02/04 10:36 p.m. | 3 views

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

CVSS 7.7 | AI score 6.7 | EPSS 0.00483
Exploits 0 | References 1
0day.today
added 2025/02/03 12:0 a.m. | 157 views

ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection...

CVSS 10 | AI score 10 | EPSS 0.04185
Exploits 18
Packet Storm
added 2025/02/03 12:0 a.m. | 293 views

ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges...

CVSS 10 | AI score 9.9 | EPSS 0.04185
Exploits 18
0day.today
added 2025/02/03 12:0 a.m. | 183 views

ABB Cylon FLXeon 9.3.4 timeConfig.js Authenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/timeConfig endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN, and multiple timeDate fields. The vulnerability...

CVSS 10 | AI score 9.7 | EPSS 0.04185
Exploits 18
Zero Science Lab
added 2025/02/02 12:0 a.m. | 333 views

ABB Cylon FLXeon 9.3.4 (timeConfig.js) Authenticated Root Remote Code Execution

Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

CVSS 10 | AI score 7.9 | EPSS 0.04185
Exploits 18
Zero Science Lab
added 2025/01/31 12:0 a.m. | 497 views

ABB Cylon FLXeon 9.3.4 (login.js) Unauthenticated Root Remote Code Execution

Summary: BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

CVSS 10 | AI score 7.9 | EPSS 0.04185
Exploits 18
CNNVD
added 2025/01/29 12:0 a.m. | 2 views

ABB FLXeon Log Information Disclosure Vulnerability

The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon version 9.3.4 and prior versions suffer from a log information disclosure vulnerability that stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to obtain sensiti...

CVSS 9.4 | AI score 6.1 | EPSS 0.02353
Exploits 7 | References 2
CNNVD
added 2025/01/29 12:0 a.m. | 3 views

ABB FLXeon Security Vulnerability

The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon suffers from a security bypass vulnerability that stems from insufficient session management to prevent unauthorized HTTPS requests. No further vulnerability details are provided at this time...

CVSS 9.4 | AI score 6.7 | EPSS 0.00884
Exploits 4 | References 2
CNNVD
added 2025/01/28 12:0 a.m. | 4 views

Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380 Security Vulnerability

The Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380 are both programmable logic controllers from Rockwell Automation. A security vulnerability exists in the Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380. An attacker could exploit this...

CVSS 7.1 | AI score 6.5 | EPSS 0.00432
Exploits 0 | References 1
RedhatCVE
added 2025/01/27 7:21 a.m. | 15 views

CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

CVSS 5.5 | AI score 6.8 | EPSS 0.00189
Exploits 0 | References 4
SUSE CVE
added 2025/01/22 3:48 a.m. | 1 views

SUSE CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

CVSS 5.5 | AI score 7.7 | EPSS 0.00189
Exploits 0 | References 14
NVD
added 2025/01/21 1:15 p.m. | 13 views

CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

CVSS 5.5 | EPSS 0.00189
Exploits 0 | References 3
OSV
added 2025/01/21 1:15 p.m. | 2 views

UBUNTU-CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

CVSS 5.5 | AI score 6.2 | EPSS 0.00189
Exploits 0 | References 22
OSV
added 2025/01/21 12:18 p.m. | 20 views

CVE-2025-21663 net: stmmac: dwmac-tegra: Read iommu stream id from device tree

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

CVSS 5.5 | AI score 6.1 | EPSS 0.00189
Exploits 0 | References 6
BDU FSTEC
added 2025/01/21 12:0 a.m. | 4 views

The vulnerability of the microprogrammed software used in Modicon M580 programmable logic controllers and the EVLink Pro AC charging stations relates to incorrect calculations of the size of the allocated buffer. This vulnerability allows an intruder to cause malfunctions in the equipment.

The vulnerability of the microprogrammed software used in Modicon M580 programmable logic controllers and the EVLink Pro AC charging stations is related to incorrect calculations of the size of the buffer space allocated. Exploiting this vulnerability allows a malicious actor to cause service...

CVSS 7.8 | AI score 5.7 | EPSS 0.00605
Exploits 0 | References 3 | Affected Software 1
CISA
added 2025/01/16 12:0 p.m. | 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603: Aviatrix Controllers OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

CVSS 10 | AI score 10 | EPSS 0.98545
In wild | Exploits 5 | References 6
CNNVD
added 2025/01/16 12:0 a.m. | 4 views

WAGO 750-8xx Security Vulnerability

The WAGO 750-8xx is a series of programmable logic controllers from the German company WAGO. The devices are specifically designed for applications in industrial environments where digital algorithms operate electronic systems. A security vulnerability exists in the WAGO 750-8xx that stems...

CVSS 7.5 | AI score 6.7 | EPSS 0.00481
Exploits 0 | References 1
CISA KEV Catalog
added 2025/01/16 12:0 a.m. | 24 views

Aviatrix Controllers OS Command Injection Vulnerability

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test...

CVSS 10 | AI score 8.1 | EPSS 0.98545
In wild | Exploits 5
Cvelist
added 2025/01/15 12:0 a.m. | 8 views

CVE-2024-50954

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cau...

EPSS 0.0041
Exploits 0 | References 1