6 matches found
CVE-2022-31206
The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...
The vulnerability of microprogrammed software in PACsystems programmable logic controllers, related to insufficient verification of data authenticity, allows a intruder to execute arbitrary code.
The vulnerability of microprogrammed programmable logic controllers from PACsystems is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially crafted file written in...
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System. The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology,... This is only...
CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
WAGO e!Cockpit authentication hard-coded encryption key vulnerability
Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...
WAGO PFC 200 SERIES Multiple Vulnerabilities
Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...