CVE-2020-11496

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...

CVE-2020-5602

Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit EM Configurator Ver. 1.010L and earlier, GT Designer3 GOT2000 Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlie...

CVE-2020-5603

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit EM Configurator Ver. 1.010L and earlier, GT Designer3 GOT2000 Ver...

Xxe

Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit EM Configurator Ver. 1.010L and earlier, GT Designer3 GOT2000 Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlie...

CVE-2020-5602

Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit EM Configurator Ver. 1.010L and earlier, GT Designer3 GOT2000 Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlie...

CVE-2020-5603

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit EM Configurator Ver. 1.010L and earlier, GT Designer3 GOT2000 Ver...

CVE-2020-5602

CVE-2020-5602 is a vulnerability in Mitsubishi Electric Factory Automation software where an attacker can perform XML External Entity (XXE) attacks via unspecified vectors. Affected products span multiple tools (CPU Module Logging Configuration Tool, CW Configurator, EM Configurator/SDK, GT Desig...

CVE-2020-5603

CVE-2020-5603 concerns an Uncontrolled Resource Consumption DoS in Mitsubishi Electric Factory Automation software family (e.g., CPU Module Logging Configuration Tool, CW Configurator, EM Configurator, GT Designer3, GX LogViewer, GX Works2/3, MELFA-Works, MR/MT RT ToolBox tools, etc.). The root c...

Mitsubishi Electric Factory Automation Engineering Software Products

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Factory Automation Engineering Software Products Vulnerabilities: Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption 2. RISK...

ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities

OVERVIEW Aleksandr Timorin from Positive Technologies has identified authentication vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. AFFECTED PRODUCTS The following Siemens products are affected: SIMATI...

Cyme ChartFX Client Server ActiveX Control Array Indexing Vulnerability

No description provided by source. Application: CYME Power Engineering Software Platforms: Windows Version: CYME version 5.0.12.663. Secunia: SA48430 PRL: 2012-29 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2...

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 BID: 55765 OSVDB: 85894 Background The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 BID: 55765 OSVDB: 85894 Background The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 BID: 55765 OSVDB: 85894 Background The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...

CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012 BID: 55765 OSVDB: 85894 Background The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control. Problem An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when...