ABB AC500 V3 Multiple Vulnerabilities

SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files...

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2024-57924)

In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem encodefh method that may fail for various reasons. The legacy users of exportfsencodefh, namely, nfsd and...

Dahua IPC和Dahua SD 安全漏洞

Dahua IPC and Dahua SD are both products of Dahua, a Chinese company.Dahua IPC is a series of industrial controllers from Dahua.Dahua SD is a series of PTZ dome cameras. A security vulnerability exists in the Dahua IPC and Dahua SD. The vulnerability originates from a third-party malicious attack...

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows a intruder to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the MQTT protocol implementation in the web interface of the microprogrammable controller ABB RMC-100 and RMC-100-LITE devices lies in the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to bypass security restrictions and...

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controller ABB RMC-100 and RMC-100-LITE allows a intruder to trigger a service failure.

The vulnerability of the MQTT protocol implementation in the web interface of the microprogramming-based controllers ABB RMC-100 and RMC-100-LITE lies in the fact that the operation data is written outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause...

📄 ABB Cylon FLXeon 9.3.5 bbmdList.js Authenticated Configuration Poisoning

The ABB Cylon FLXeon BACnet controller suffers from a configuration poisoning vulnerability in the put function of bbmdList.js, where the writeFile function is invoked to persist user-controlled data req.body.bipList and req.body.natList directly into sensitive configuration files /etc/bdt.txt an...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to cause remote code execution...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from an SQL injection in the ImportCertificate method, which can be exploited by an attacker to bypass authorization...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method LockOpcSettings, which can be exploited by an attacker to bypass...

CVE-2024-8403

Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by...

Schneider Electric Modicon M340 缓冲区错误漏洞

The Schneider Electric Modicon M340 is a mid-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric France. The Schneider Electric Modicon M340 suffers from a buffer error vulnerability that originates from improperly constrained memory buffer...

Rockwell Automation 1756 缓冲区错误漏洞

The Rockwell Automation 1756 is a scalable controller solution from Rockwell Automation. It is capable of addressing a large number of I/O points. A security vulnerability exists in the Rockwell Automation 1756-EN4, which originates from a malicious user who may be able to assert a denial of...

WAGO 输入验证错误漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed for use in industrial environments where digital algorithms operate electronic systems. An input validation error vulnerability exists in the WAGO PFC200 Family, which can be exploited by an...

WAGO 缓冲区错误漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is a digital algorithmic operating electronics system designed specifically for applications in industrial environments. A buffer error vulnerability exists in the WAGO I/O-Check Service, which originates from a...

WAGO 安全漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed for use in industrial environments as an electronic system for the operation of digital algorithms. A security vulnerability exists in the WAGO I/O-Check Service that originates from an unauthenticat...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

WAGO 安全漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is an electronic system designed for the operation of digital algorithms for applications in industrial environments. A security vulnerability exists in the WAGO PFC200 device that can be exploited by an attacke...

WAGO 路径遍历漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed specifically for applications in industrial environments where digital algorithms operate electronic systems. A security vulnerability exists in the WAGO PFC200 device that can be exploited by an...

Schneider Electric Modicon M340 Path Traversal Vulnerability

The Schneider Electric Modicon M340 is a medium range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric, France. A path traversal vulnerability exists in the Web Server on Modicon M340 that stems from improperly restricting the pathname of a...