The vulnerability of the implementation of the Simple Network Management Protocol (SNMP) for microprogrammable network interface controllers in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows a attacker to induce a service failure.

The vulnerability of the implementation of the Simple Network Management Protocol SNMP for microprogrammable network interface controllers in Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to incorrect processing of additional values. Exploiting this...

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems lies in their unlimited resource distribution. This allows a intruder to trigger a system reboot.

The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot remotely...

PT-2024-9203 · Abb · Abb Aspect +2

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to Denial of Service vulnerabilities, which could potentially disrupt device services. It is associated with...

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments developed by Fuji Electric Japan for collecting real-time data from PLCs, temperature controllers, inverters and other devices. Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow...

The vulnerability of the implementations of CIP/Modbus programmable logic controllers of the Micro850/870 series allows a intruder to trigger a service failure.

The vulnerability of CIP/Modbus programmable logic controllers of the Micro850/870 series lies in the uncontrollable consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...

K000148709: Multiple Intel Ethernet Controllers and Adapters vulnerabilities

Security Advisory Description CVE-2024-21806 Improper conditions check in Linux kernel mode driver for some IntelR Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-21807...

The vulnerability of CODESYS V3 microprogramming software for WAGO controllers allows a hacker to gain full access to the controller or cause a service failure.

The vulnerability of CODESYS V3 microprogramming software for WAGO controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full access to the controller or cause service failures...

The vulnerability of GigaDevice’s GD32 microprogrammed software controllers, models GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, and GD32E50x, is related to deficiencies in access control. This allows a perpetrator to execute arbitrary shell commands.

The vulnerability of GigaDevice’s microprogrammed controllers, such as GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, and GD32E50x, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary shell code in the SRA...

WAGO多款产品 安全漏洞

WAGO PFC100 and others are products of WAGO, Germany.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in a number of WAGO products. The vulnerability stems from...

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR lies in their uncontrolled resource consumption, which allows a intruder to trigger malfunctions during maintenance.

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a...

CVE-2024-8935

CVE-2024-8935 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E. The issue is an Authentication Bypass by Spoofing enabling a Man-In-The-Middle attack during a controller–engineering workstation session, due to DH-based vulnerability that does not protect against MITM. Consequ...

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

The vulnerability of the Create MyConfig (CMC) utility in Siemens Sinumerik programmable logic controllers allows a perpetrator to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Create MyConfig CMC utility in Siemens Sinumerik programmable logic controllers is related to the disclosure of information through registration files in the log files. Exploiting this vulnerability can allow attackers to circumvent security restrictions and gain...

PT-2024-9215 · Schneider Electric · Modicon Mc80 Bmkc80 +2

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU affected versions not specified Description: The issue is related to the lack of message integrity checks during transmission ove...

The vulnerability of Siemens Sinumerik programmable logic controllers lies in the improper assignment of permissions for the scripts executed by the system. This allows attackers to increase their privileges.

The vulnerability of Siemens Sinumerik programmable logic controllers is related to the incorrect assignment of permissions for the system’s scripts. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the web server of the microprogramming software for programmable logic controllers SIMATICS7-1500 and S7-1200 CPU family allows a hacker to redirect users to any desired URL address.

The vulnerability of the web server of the microprogramming software for programmable logic controllers SIMATICS7-1500 and S7-1200 CPUs is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows an attacker to remotely redirect users to arbitrary URL...

Code-Projects Wazifa System SQL注入漏洞

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter to of the file /controllers/control.php. An attacker can exploit this vulnerability to execute illegal...

The vulnerability of the CIP Message Handler component in Rockwell Automation’s programmable logic controllers ControlLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480, FactoryTalk Logix Echo allows a intruder to trigger a service failure.

The vulnerability of the CIP Message Handler component in Rockwell Automation’s programmable logic controllers ControlLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480, and FactoryTalk Logix Echo is related to errors in processing input...

About the security content of macOS Sequoia 15.1

About the security content of macOS Sequoia 15.1 This document describes the security content of macOS Sequoia 15.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...