36 matches found
ABB Freelance 安全漏洞
ABB Freelance is a distributed control system developed by the Swiss company ABB. There is a security vulnerability in ABB Freelance, which stems from an authentication bypass exploit. The following versions are affected: Version 2013, Version 2013 SP1, Version 2016, Version 2016 SP1, Version 201...
EUVD-2022-34270
Malicious code in bioql PyPI...
EUVD-2022-34272
Malicious code in bioql PyPI...
CVE-2022-29965
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...
CVE-2022-29964
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...
CVE-2022-29963
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...
Siemens Omnivise T3000 安全漏洞
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...
Siemens SIMATIC STEP 7 (TIA Portal) Deserialization Vulnerability
SIMATIC PCS neo is a distributed control system DCS. simatic STEP 7 TIA Portal is an engineering software for configuring and programming simatic controllers. totally Integrated Automation Portal TIA Portal is a PC software that offers the complete range of Siemens digital automation services, fr...
Unspecified Vulnerability in Siemens User Management Component (UMC)
Opcenter Quality is a quality management system QMS that enables organizations to safeguard compliance, optimize quality, reduce the cost of defects and rework, and achieve operational excellence by improving process stability. simatic pcs neo is a distributed control system DCS. the SINUMERIK...
Siemens User Management Component (UMC) Cross-Site Scripting Vulnerability
Opcenter Quality is a quality management system QMS that enables organizations to safeguard compliance, optimize quality, reduce the cost of defects and rework, and achieve operational excellence by improving process stability. simatic pcs neo is a distributed control system DCS. the SINUMERIK...
Siemens SIMATIC PCS neo has a loose cross domain policy vulnerability with untrusted domains
SIMATIC PCS neo is a distributed control system DCS. Siemens SIMATIC PCS neo suffers from a loose cross-domain policy vulnerability with an untrusted domain, which can be exploited by an attacker to trick a legitimate user into triggering unwanted behavior...
Siemens SIMATIC PCS neo Cross-Site Scripting Vulnerability
SIMATIC PCS neo is a distributed control system DCS. A cross-site scripting vulnerability exists in Siemens SIMATIC PCS neo, which can be exploited by an attacker to inject Javascript code into an application...
Siemens SIMATIC PCS neo (Administration Console) Information Disclosure Vulnerability
SIMATIC PCS neo Administration Console is a distributed control system DCS. An information disclosure vulnerability exists in Siemens SIMATIC PCS neo Administration Console, which can be exploited by an attacker to obtain credentials and impersonate an administrator user to gain administrator...
The vulnerability of the Foxboro.sys driver of the distributed system management software EcoStruxureTM Foxboro DCS Control Core Services allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the Foxboro.sys driver, a microprogramming software component of the distributed control system EcoStruxureTM Foxboro DCS Control Core Services, is related to unvalidated array indexing. Exploiting this vulnerability can allow an attacker to cause service failures or execute...
Schneider Electric EcoStruxure Foxboro DCS 缓冲区错误漏洞
The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A buffer overflow vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Control Core Services, which originates from a boundary error wh...
Emerson DeltaV Distributed Control System Insufficient Verification of Data Authenticity (CVE-2022-30260)
Emerson DeltaV Distributed Control System DCS has insufficient verification of firmware integrity an inadequate checksum approach, and no signature. This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards. This plugin...
CVE-2022-30317
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
Authentication flaw
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29964)
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350. - The Emerson DeltaV Distributed Control System DCS...
Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29962)
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. - The Emerson...