
175 matches found

Positive Technologies
added 2022/10/11 12:00 a.m. | 3 views

PT-2022-5030

Name of the Vulnerable Software and Affected Versions: SIMATIC Drive Controller family versions prior to V2.9.2; SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V21.9; SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V21.9; SIMATIC S7-1200 CPU family versions prior t...

CVSS 9.3 | AI score 7.5 | EPSS 0.00217
Exploits: 0 | References: 14

BDU FSTEC
added 2022/09/21 12:00 a.m. | 3 views

The software for human-machine interfaces, WECON LeviStudioU, is vulnerable. An attacker can execute arbitrary code.

The vulnerability in the WECON LeviStudioU software for human-machine interface programming is caused by a heap-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9.3 | AI score 7.8 | EPSS 0.08226
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2022/09/21 12:00 a.m. | 3 views

The vulnerability in the WECON LeviStudioU software for human-machine interfaces arises from a stack-based buffer overflow, allowing attackers to execute arbitrary code.

The vulnerability in the WECON LeviStudioU software for human-machine interface programming is caused by a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9.3 | AI score 7.9 | EPSS 0.09285
Exploits: 0 | References: 14 | Affected Software: 1

CNNVD
added 2022/06/16 12:00 a.m. | 3 views

AutomationDirect C-more EA9 HMI Code Issue Vulnerability

AutomationDirect DirectLOGIC is a programmable logic controller from AutomationDirect, Inc. A code issue vulnerability exists in the AutomationDirect C-more EA9 HMI that stems from a security issue in the installation directory that could allow an attacker to execute code during installation and...

CVSS 7.8 | AI score 7.5 | EPSS 0.00337
Exploits: 0 | References: 4

OSV
added 2022/05/18 3:15 p.m. | 3 views

CVE-2022-29518

Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series (GC-A22W-CW, GC-A24W-CW, GC-A26W-CW, GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and contr...

CVSS 7 | AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2022/05/09 5:43 a.m. | 1 views

KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass

Overview: Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS's HMI. Screen Creator Advance2 contains an authentication bypass vulnerability (CWE-807) due to the improper check for the Remote control setting's account names. KOY...

CVSS 7 | AI score 7 | EPSS 0.00209
Exploits: 0 | References: 5

CNNVD
added 2022/04/12 12:00 a.m. | 5 views

Multiple Siemens Products Input Validation Error Vulnerability

SCALANCE X switches are used to connect to industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). SIPLUS extreme is designed for reliable operation under extreme conditions. Siemens SCALANCE X-300 Switch Family Devices are vulnerable to an input validati...

CVSS 7.8 | AI score 7.3 | EPSS 0.01294
Exploits: 0 | References: 3

CNNVD
added 2022/04/12 12:00 a.m. | 3 views

Siemens SCALANCE Security Vulnerability

SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...

CVSS 7.5 | AI score 7.3 | EPSS 0.0124
Exploits: 0 | References: 3

CNNVD
added 2022/04/12 12:00 a.m. | 5 views

Multiple Siemens Products Buffer Error Vulnerability

SCALANCE X switches are used to connect to industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). SIPLUS extreme is designed for reliable operation under extreme conditions. A buffer overflow vulnerability exists in Siemens SCALANCE X-300 Switch Family...

CVSS 8.8 | AI score 8.7 | EPSS 0.01552
Exploits: 0 | References: 3

CNNVD
added 2021/12/21 12:00 a.m. | 1 views

mySCADA myPRO Operating System Command Injection Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

CVSS 10 | AI score 6 | EPSS 0.01218
Exploits: 0 | References: 4

CNNVD
added 2021/12/21 12:00 a.m. | 5 views

Wecon Technologies LeviStudioU Buffer Error Vulnerability

Wecon Technologies LeviStudioU is a suite of HMI programming software from China's Wecon Technologies. A security vulnerability exists in WECON LeviStudioU, which can be exploited by attackers to remotely execute code...

CVSS 7.8 | AI score 7.4 | EPSS 0.09285
Exploits: 0 | References: 18

CNNVD
added 2021/12/21 12:00 a.m. | 3 views

mySCADA myPRO Operating System Command Injection Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

CVSS 10 | AI score 6 | EPSS 0.01218
Exploits: 0 | References: 3

CNNVD
added 2021/12/09 12:00 a.m. | 8 views

Wecon Technologies LeviStudioU Buffer Error Vulnerability

Wecon Technologies LeviStudioU is a set of human-machine interface programming software from Wecon Technologies China. A security vulnerability exists in Wecon Technologies LeviStudioU, which can be exploited by attackers to execute code...

CVSS 7.8 | AI score 7.4 | EPSS 0.02743
Exploits: 0 | References: 20

CNNVD
added 2021/11/16 12:00 a.m. | 3 views

Mitsubishi Electric Got Input Validation Error Vulnerability

Mitsubishi Electric Got is an HMI touchscreen from Mitsubishi Electric Japan. An input validation error vulnerability exists in Mitsubishi Electric GOT, which can be exploited by an attacker to send malicious packets to rewrite the device and adversely affect the operation of the system...

CVSS 7.8 | AI score 7.4 | EPSS 0.02282
Exploits: 0 | References: 6

BDU FSTEC
added 2021/11/12 12:00 a.m. | 4 views

The vulnerability of HMI/SCADA systems like xArrow arises from the possibility of running them with unverified registry keys with application-level privileges. This allows attackers to bypass existing security restrictions and escalate their privileges.

The vulnerability of HMI/SCADA systems like xArrow stems from the ability to execute commands through unverified registry keys with application-level privileges. Exploiting this vulnerability allows attackers to bypass existing security restrictions and escalate their privileges...

CVSS 5.6 | AI score 7.3 | EPSS 0.0025
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/10/21 12:00 a.m. | 3 views

The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow allows attackers to perform cross-site scripting attacks.

The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 | AI score 6 | EPSS 0.00715
Exploits: 0 | References: 2 | Affected Software: 1

Exploit DB
added 2021/09/13 12:00 a.m. | 266 views

ECOA Building Automation System - Configuration Download Information Disclosure

Exploit Title: ECOA Building Automation System - Configuration Download Information Disclosure; Date: 25.06.2021; Exploit Author: Neurogenesia; Vendor Homepage: http://www.ecoa.com.tw; ECOA Building Automation System Configuration Download Information Disclosure; Vendor: ECOA Technologies Corp.; Produc...

AI score 7.4
Exploits: 0

0day.today
added 2021/09/10 12:00 a.m. | 147 views

ECOA Building Automation System Directory Traversal Vulnerability

ECOA building automation systems suffer from a directory traversal vulnerability that allows for content disclosure. Many versions are affected. ECOA Building Automation System Directory Traversal Content Disclosure; Vendor: ECOA Technologies Corp.; Product web page: http://www.ecoa.com.tw; Affected...

Exploits: 0

0day.today
added 2021/09/10 12:00 a.m. | 163 views

ECOA Building Automation System Path Traversal / Arbitrary File Upload Vulnerabilities

ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected. ECOA Building Automation System Path Traversal Arbitrary File Upload; Vendor: ECOA Technologies Corp.; Product web page: http://www.ecoa.com.tw; Affected version: ECOA E...

AI score 0.7
Exploits: 0

Zero Science Lab
added 2021/09/08 12:00 a.m. | 207 views

ECOA Building Automation System Path Traversal Arbitrary File Upload

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

CVSS 10 | AI score 7.8 | EPSS 0.02248
Exploits: 1