📄 Siklu EtherHaul Series EH-8010 / EH-1200 File Upload

PHP proof of concept for a critical vulnerability that exists in Siklu EtherHaul EH-8010 and EH-1200 devices running firmware versions 7.4.0 through 10.7.3. The rfpiped service exposed on TCP port 555 uses hardcoded AES-256-CBC encryption parameters static key and IV and lacks any authentication...

CVE-2023-4204

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate...

A Comprehensive Study on Cyber Attack Vectors in EV Traction Power Electronics

Electric vehicles EVs have drastically changed the auto industry and developed a new era of technologies where power electronics play the leading role in traction management, energy conversion and vehicle control processes. Nevertheless, this is a digital transformation, and the cyber-attack...

EUVD-2023-54078

Malicious code in bioql PyPI...

EUVD-2022-45847

Malicious code in bioql PyPI...

Code Execution Vulnerabilities in Multiple Advantech Products

The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A code execution vulnerability exists in multiple Advantech products, which can be exploited by attackers to inject or modify firmware via the JTAG interface...

CVE-2023-42143

Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

Siemens VersiCharge AC Series EV Chargers

SUMMARY VersiCharge AC Series EV Chargers contain two vulnerabilities that could allow an attacker to gain control of the chargers through default Modbus port or execute arbitrary code by manipulating the M0 firmware. Siemens has released new versions for several affected products and recommends...

CVE-2025-0592

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device...

CVE-2025-0592

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device...

CVE-2025-0592 SICK Lector8xx and InspectorP8xx vulnerable for code execution

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device...

CVE-2025-0592

CVE-2025-0592 affects SICK Lector8xx and SICK InspectorP8xx devices. Multiple connected sources indicate a remote, low-privilege attacker can execute arbitrary shell commands by manipulating firmware files and uploading them to the device. Reported affected versions include SICK Lector8xx prior t...

Vulnerability in SICK Lector8xx and SICK InspectorP8xx

SICK has found two vulnerabilities that affect the SICK Lector8xx and SICK InspectorP8xx. The vulnerabilities may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file or executing low-level functions. SICK is currently not aware of any public...

CVE-2022-42784

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions = V8.3, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions = V8.3, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions = V8.3, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions = V8.3, LOGO! 24CE 6ED1052-1CC08-0BA1 All versio...

CVE-2023-42143

Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...

CVE-2022-42784

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions = V8.3, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions = V8.3, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions = V8.3, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions = V8.3, LOGO! 24CE 6ED1052-1CC08-0BA1 All versio...

CVE-2022-42784

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions = V8.3, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions = V8.3, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions = V8.3, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions = V8.3, LOGO! 24CE 6ED1052-1CC08-0BA1 All versio...