200 matches found

OSV
added 2018/04/25 11:29 p.m. · 3 views

CVE-2018-8833

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution...

7.8 CVSS · 6.3 AI score · 0.02274 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2017/12/26 12:0 a.m. · 4 views

The vulnerability of HMI/SCADA systems like InTouch Machine Edition and InduSoft Web Studio arises from buffer overflows in the stack. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of HMI/SCADA systems such as InTouch Machine Edition and InduSoft Web Studio arises due to buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to gain elevated privileges and execute arbitrary code...

10 CVSS · 6.1 AI score · 0.05834 EPSS
Exploits 0 · References 3

CNVD
added 2017/09/22 12:0 a.m. · 2 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Remote Code Execution Vulnerability

InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric InduSoft Web Studio and InTouch Machine Edition. InduSoft Web Studio provides the ability for the HMI client...

10 CVSS · 9.9 AI score · 0.05053 EPSS
Exploits 0 · References 1

CNVD
added 2017/08/30 12:0 a.m. · 3 views

Advantech WebAccess Authentication Bypass Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An authentication bypass vulnerability exists in Advantech...

9.8 CVSS · 9.9 AI score · 0.04831 EPSS
Exploits 0 · References 1

CNVD
added 2017/08/30 12:0 a.m. · 2 views

Advantech WebAccess Elevation of Privilege Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An elevation of privilege vulnerability exists in Advantec...

7.8 CVSS · 8 AI score · 0.0035 EPSS
Exploits 0 · References 1

CNVD
added 2017/08/08 12:0 a.m. · 1 view

Advantech WebAccess nvA1Media Connect MediaUsername Stack Buffer Overflow Remote Code Execution Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A stack buffer overflow remote code execution vulnerabilit...

8.7 AI score
Exploits 0 · References 1

Positive Technologies
added 2017/05/08 12:0 a.m. · 2 views

PT-2017-3763 · Siemens · Hmi Mobile Panels +4

Name of the Vulnerable Software and Affected Versions: Siemens PROFINET DCP (affected versions not specified); SIMATIC HMI Multi Panels and HMI Mobile Panels (affected versions not specified); S7-300/S7-400 devices (affected versions not specified). Description: The issue is related to insufficie...

7.1 CVSS · 6.9 AI score · 0.00906 EPSS
Exploits 0 · References 10

CNVD
added 2016/12/13 12:0 a.m. · 1 view

Sauter NovaWeb Web HMI Authentication Bypass Vulnerability

Sauter is a leading provider in the building, room automation, energy management and facility management sectors. An authentication bypass vulnerability exists in Sauter NovaWeb Web HMI, which can be exploited by an attacker to bypass security restrictions and perform unauthorized operations...

7.1 AI score
Exploits 0 · References 1

CNVD
added 2016/10/18 12:0 a.m. · 1 view

HMI/SCADA software webaccess 7.2/8.0/8.1 has 4 dll hijack vulnerabilities

WebAccess can build an information management platform for users and synchronize the efficiency of vertical market management development. There are 4 dll hijack vulnerabilities in the HMI/SCADA software webaccess, when bwopctool.dll, bwabout.dll, BwPAlarm.dll, and Webvsid.dll are loaded...

6.8 AI score
Exploits 0

CNVD
added 2016/07/15 12:0 a.m. · 4 views

GE Proficy HMI SCADA CIMPLICITY Local Privilege Vulnerability

GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. A security vulnerability exists in GE Proficy HMI SCADA CIMPLICITY that allows a local attacker to exploit the vulnerability to elevate privileges...

6.3 CVSS · 6.6 AI score · 0.00394 EPSS
Exploits 0 · References 1

CNVD
added 2016/04/16 12:0 a.m. · 4 views

Ecava IntegraXor Privilege Bypass Vulnerability

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor fails to properly check for user authorization when processing user access to sensitive web pages, allowing remote attackers to exploit the vulnerability to bypass security...

6.5 CVSS · 6.8 AI score · 0.01169 EPSS
Exploits 0 · References 1

CNVD
added 2016/04/16 12:0 a.m. · 1 view

Ecava IntegraXor Cross-Site Scripting Vulnerability (CNVD-2016-02333)

Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. A cross-site scripting vulnerability in Ecava IntegraXor for HMI operations using SCADA applications allows remote attackers to exploit the vulnerability to inject malicious script or HTML code...

6.1 CVSS · 6.2 AI score · 0.00906 EPSS
Exploits 0 · References 1

CNVD
added 2016/01/21 12:0 a.m. · 3 views

Advantech WebAccess stack buffer overflow vulnerability (CNVD-2016-00434)

WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation devices in facility management systems, power stations and building automation systems. Multiple stack buffer overflow vulnerabilities exist in Advantech WebAccess versions...

10 CVSS · 8 AI score · 0.16655 EPSS
Exploits 9 · References 1

BDU FSTEC
added 2015/09/23 12:0 a.m. · 5 views

The vulnerabilities of the software programs WinCC, Simatic NET PC-Software, Simatic Automation Tool, and Simatic HMI allow a perpetrator to successfully pass the authentication process.

The vulnerabilities of the WinCC software, Simatic NET PC-Software, Simatic Automation Tool, and Simatic HMI are related to deficiencies in password verification procedures. Exploiting these vulnerabilities can allow unauthorized users to successfully authenticate themselves by using the hash val...

6.8 CVSS · 5.5 AI score · 0.0215 EPSS
Exploits 0 · References 6 · Affected Software 1

CNVD
added 2015/09/22 12:0 a.m. · 2 views

Advantech WebAccess Heap Buffer Overflow Vulnerability

Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech, China. A heap buffer overflow vulnerability exists in Advantech WebAccess. A local attacker could exploit this vulnerability to execute arbitrary code, which could also result in a denial of service...

6.9 CVSS · 7.4 AI score · 0.00794 EPSS
Exploits 0 · References 1

CNVD
added 2015/04/09 12:0 a.m. · 2 views

Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels Denial of Service Vulnerability

Siemens SIMATIC WinCC is a complete Supervisory Control and Data Acquisition SCADA solution for industry, ranging from single-user systems to multi-user systems supporting redundant servers and remote Web client solutions. A security vulnerability in Siemens SIMATIC HMI Comfort Panels WinCC TIA...

4.3 CVSS · 6.9 AI score · 0.01736 EPSS
Exploits 0 · References 1

CNVD
added 2015/04/02 12:0 a.m. · 1 view

Inductive Automation Ignition Cross-Site Scripting Vulnerability

Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition has a security vulnerability that can be exploited by an attacker to execute malicious content in a vulnerable web application. The server reads data directly from the HTTP request and th...

4.3 CVSS · 7.2 AI score · 0.01141 EPSS
Exploits 0 · References 1

ThreatPost
added 2015/02/04 10:30 a.m. · 12 views

Siemens ICS Switches Hit With Buffer Overflow, Authentication Bugs

There are a number of serious vulnerabilities in the Siemens Ruggedcom WIN switches, including a remotely exploitable buffer overflow and a flaw that could allow an attacker to take actions on the device without authentication. The vulnerabilities affect several models of the Ruggedcom WIN...

2.5 AI score
Exploits 0 · References 2

CNVD
added 2015/01/22 12:0 a.m. · 2 views

Schneider Electric ETG3000 FactoryCast HMI Gateway Authentication Bypass Vulnerability

The Schneider Electric ETG3000 FactoryCast HMI Gateway is a Web-based SCADA system. An authentication bypass vulnerability exists in the Schneider Electric ETG3000 FactoryCast HMI Gateway, which can be exploited by an attacker to bypass the authentication mechanism and gain unauthorized access to...

7.2 AI score
Exploits 0 · References 1

CVE
added 2010/12/23 5:0 p.m. · 47 views

CVE-2010-4597

Ecava IntegraXor HMI is affected by CVE-2010-4597 due to a stack-based buffer overflow in the save method of igcomm.dll (IntegraXor.Project ActiveX) prior to version 3.5.3900.10. An attacker could remotely trigger arbitrary code execution by sending a long string in the second argument. ICS-CERT ...

10 CVSS · 8.3 AI score · 0.18823 EPSS
Exploits 1 · References 7 · Affected Software 1