180 matches found
PT-2023-2953 · Horner Automation · Cscape
Name of the Vulnerable Software and Affected Versions: Horner Automation Cscape affected versions not specified Description: The issue is related to a lack of proper validation of user-supplied data when parsing project files, such as HMI files. This could lead to an out-of-bounds read, potential...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System. An attacker could exploit the vulnerability to perform a SQL...
Contec CONPROSYS HMI System 授权问题漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. An authorization issue vulnerability exists in CONPROSYS HMI System CHS, which arises from the use of password hashes instead of passwords f...
Contec CONPROSYS HMI System 跨站脚本漏洞
Contec CONPROSYS HMI System is an HTML5-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A cross-site scripting vulnerability exists in CONPROSYS HMI System CHS, which can be exploited by an attacker to execute arbitrary script o...
PT-2022-5030
Name of the Vulnerable Software and Affected Versions SIMATIC Drive Controller family versions prior to V2.9.2 SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V21.9 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V21.9 SIMATIC S7-1200 CPU family versions prior t...
The software for human-machine interfaces, WECON LeviStudioU, is vulnerable. An attacker can execute arbitrary code.
The vulnerability of the WECON LeviStudioU software for human-machine interface programming arises due to an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the WECON LeviStudioU software for human-machine interfaces arises from buffer overflows in the stack-based mechanism, allowing attackers to execute arbitrary code.
The vulnerability of the WECON LeviStudioU software for human-machine interface programming arises due to a buffer overflow based on a stack. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
AutomationDirect C-more EA9 HMI 代码问题漏洞
AutomationDirect DirectLOGIC is a programmable logic controller from AutomationDirect, Inc. A code issue vulnerability exists in the AutomationDirect C-more EA9 HMI that stems from a security issue in the installation directory that could allow an attacker to execute code during installation and...
CVE-2022-29518
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 seriesGC-A22W-CW, GC-A24W-CW, GC-A26W-CW, GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2, and Real time remote monitoring and contr...
KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass
Overview Screen Creator Advance2 provided by KOYO ELECTRONICS INDUSTRIES CO., LTD. is a screen development tool for KOYO ELECTRONICS's HMI. Screen Creator Advance2 contains an authentication bypass vulnerability CWE-807 due to the improper check for the Remote control setting's account names. KOY...
Siemens SCALANCE 安全漏洞
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...
多款 Siemens 产品输入验证错误漏洞
SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.Siemens SCALANCE X-300 Switch Family Devices are vulnerable to an input validati...
多款 Siemens 产品 缓冲区错误漏洞
SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A buffer overflow vulnerability exists in Siemens SCALANCE X-300 Switch Family...
mySCADA myPRO 操作系统命令注入漏洞
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...
mySCADA myPRO 操作系统命令注入漏洞
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...
Wecon Technologies LeviStudioU 缓冲区错误漏洞
Wecon Technologies LeviStudioU is a suite of HMI programming software from China's Wecon Technologies. A security vulnerability exists in WECON LeviStudioU, which can be exploited by attackers to remotely execute code...
Wecon Technologies LeviStudioU 缓冲区错误漏洞
Wecon Technologies LeviStudioU is a set of human-machine interface programming software from Wecon Technologies China. A security vulnerability exists in Wecon Technologies LeviStudioU, which can be exploited by attackers to execute code...
Mitsubishi Electric Got 输入验证错误漏洞
Mitsubishi Electric Got is an HMI touchscreen from Mitsubishi Electric Japan. An input validation error vulnerability exists in Mitsubishi Electric GOT, which can be exploited by an attacker to send malicious packets to rewrite the device and adversely affect the operation of the system...
The vulnerability of HMI/SCADA systems like xArrow arises from the possibility of running them with unverified registry keys with application-level privileges. This allows attackers to bypass existing security restrictions and enhance their privileges.
The vulnerability of HMI/SCADA systems like xArrow stems from the ability to execute commands through unverified registry keys with application-level privileges. Exploiting this vulnerability allows attackers to bypass existing security restrictions and enhance their privileges...
The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow allows attackers to perform cross-site scripting attacks.
The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...