361 matches found
EUVD-2025-35738
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
EUVD-2025-35740
A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...
CVE-2025-60023
CVE-2025-60023 describes a relative path traversal in AutomationDirect Productivity Suite v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. Public advisories and ref...
CVE-2025-58078
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...
CVE-2025-58078
CVE-2025-58078 pertains to AutomationDirect Productivity Suite 4.4.1.19, where a relative path traversal flaw in the ProductivityService PLC simulator allows an unauthenticated remote attacker to write arbitrary data to the target machine. The issue is described across multiple sources (NVD, Red ...
CVE-2025-58456 AutomationDirect Productivity Suite Relative Path Traversal
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine...
PT-2025-43570
Name of the Vulnerable Software and Affected Versions Productivity Suite version v4.4.1.19 Description A flaw exists due to a binding to an unrestricted IP address in the ProductivityService PLC simulator. This allows an unauthenticated remote attacker to interact with the simulator. Successful...
CVE-2011-20002
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...
EUVD-2025-30936
Malicious code in bioql PyPI...
EUVD-2021-9935
Malicious code in bioql PyPI...
CVE-2025-56234
ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...
CVE-2025-56234
ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...
PT-2025-39225
Name of the Vulnerable Software and Affected Versions Click Plus PLC firmware version 3.60 Description An issue was found in the Click Plus PLC firmware version 3.60 related to the use of a weak cryptographic algorithm. The software utilizes an insecure implementation of the RSA encryption...
PT-2025-88: Cross‑site scripting and open redirect in Fastwel PLC web interface
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability stems from the lack of user input filtering in the redirect parameter. Exploitation of the vulnerability allows a remote attacker to execute arbitrary...
PT-2025-86: Disclosure of confidential data via controller configuration request in Fastwel PLC web server
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to obtain administrator‑level privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...
PT-2025-85: Insufficient access control in Fastwel PLC web server
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. Exploitation of the vulnerability allows an attacker with an unprivileged account to gain the access to protected information. Vulnerability status: Confirmed by vendor Date of...
An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 2)
Program Vulnerabilities and Manual Assessment This is the second in a three-part series on building and using a testing bench for Industrial Control Systems ICS. In this series, we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used I...
Mitsubishi Electric MELSEC iQ-F series 安全漏洞
The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC iQ-F series that originates from insufficient input validation, which could result in a denial of service or CPU module...
Delta Electronics ISPSoft Stack Buffer Overflow Vulnerability (CNVD-2025-12375)
Delta Electronics ISPSoft is a programmable logic controller PLC programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code using debugging logic when parsing CBDGL files...
Delta Electronics ISPSoft Stack Buffer Overflow Vulnerability
Delta Electronics ISPSoft is a programmable logic controller PLC programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code while parsing a DVP file...