EUVD-2026-15402
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...
EUVD-2024-55464
Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...
EUVD-2019-16136
Malware in sbrugna...
EUVD-2019-16135
Malware in sbrugna...
EUVD-2021-14140
Malware in sbrugna...
EUVD-2018-9645
Malware in sbrugna...
EUVD-2018-5750
Malware in sbrugna...
EUVD-2018-5749
Malware in sbrugna...
EUVD-2021-14139
Malware in sbrugna...
EUVD-2021-14138
Malware in sbrugna...
CVE-2025-0960 AutomationDirect C-more EA9 HMI Classic Buffer Overflow
AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device...
AutomationDirect C-more EA9 HMI
RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote code execution on the affected device. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of...
CVE-2023-1049
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...
Hopscotch MagicWorks HMI wintab32 suffers from a DLL hijacking vulnerability
Shenzhen Hexin Automation Technology Co., Ltd. is a company that mainly deals with items such as PLC, HMI, servo, special control system, remote I/O and field network products. Hopsin MagicWorks HMI wintab32 has a DLL hijacking vulnerability that can be exploited by attackers to execute malicious...
Wecon PI Studio HMI and PI Studio Buffer Overflow Vulnerability
Wecon PI Studio HMI and PI Studio are both HMI programming software from Wecon Technologies China. An out-of-bounds read vulnerability exists in Wecon PI Studio HMI version 4.1.9 and earlier and PI Studio version 4.2.34 and earlier, where the program fails to properly validate user-submitted data...
A vulnerability in the authentication procedures of Schneider Electric InTouch Machine Edition and InduSoft Web Studio HMI/SCADA systems allows attackers to execute arbitrary commands and gain full control over the server.
The vulnerability in Schneider Electric InTouch Machine Edition and InduSoft Web Studio HMI/SCADA systems is related to deficiencies in the authentication process for HMI clients. Exploiting this vulnerability allows a malicious actor to bypass the authentication process, execute arbitrary...