Lucene search
K

361 matches found

EUVD
EUVD
added 2025/10/24 12:30 a.m.6 views

EUVD-2025-35738

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...

8.3CVSS6.8AI score0.00562EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/24 12:30 a.m.8 views

EUVD-2025-35740

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

10CVSS6.7AI score0.00605EPSS
Exploits0References5
CVE
CVE
added 2025/10/23 10:21 p.m.11 views

CVE-2025-60023

CVE-2025-60023 describes a relative path traversal in AutomationDirect Productivity Suite v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. Public advisories and ref...

6.3CVSS6.9AI score0.00465EPSS
Exploits0References4
NVD
NVD
added 2025/10/23 10:15 p.m.6 views

CVE-2025-58078

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine...

8.3CVSS0.00562EPSS
Exploits0References4
CVE
CVE
added 2025/10/23 10:9 p.m.17 views

CVE-2025-58078

CVE-2025-58078 pertains to AutomationDirect Productivity Suite 4.4.1.19, where a relative path traversal flaw in the ProductivityService PLC simulator allows an unauthenticated remote attacker to write arbitrary data to the target machine. The issue is described across multiple sources (NVD, Red ...

8.3CVSS6.9AI score0.00562EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/23 10:5 p.m.5 views

CVE-2025-58456 AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine...

8.2CVSS6.8AI score0.00566EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.6 views

PT-2025-43570

Name of the Vulnerable Software and Affected Versions Productivity Suite version v4.4.1.19 Description A flaw exists due to a binding to an unrestricted IP address in the ProductivityService PLC simulator. This allows an unauthenticated remote attacker to interact with the simulator. Successful...

10CVSS6.6AI score0.00605EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/10/15 9:54 a.m.7 views

CVE-2011-20002

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.2, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.2. Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This...

8.3CVSS7.4AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30936

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.00287EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-9935

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/30 12:45 a.m.13 views

CVE-2025-56234

ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...

6.9AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/29 12:0 a.m.4 views

CVE-2025-56234

ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...

6.5AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.6 views

PT-2025-39225

Name of the Vulnerable Software and Affected Versions Click Plus PLC firmware version 3.60 Description An issue was found in the Click Plus PLC firmware version 3.60 related to the use of a weak cryptographic algorithm. The software utilizes an insecure implementation of the RSA encryption...

8.7CVSS6.3AI score0.00115EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.6 views

PT-2025-88: Cross‑site scripting and open redirect in Fastwel PLC web interface

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability stems from the lack of user input filtering in the redirect parameter. Exploitation of the vulnerability allows a remote attacker to execute arbitrary...

8.6CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.7 views

PT-2025-86: Disclosure of confidential data via controller configuration request in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to obtain administrator‑level privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...

8.3CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.6 views

PT-2025-85: Insufficient access control in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. Exploitation of the vulnerability allows an attacker with an unprivileged account to gain the access to protected information. Vulnerability status: Confirmed by vendor Date of...

8.6CVSS5.8AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2025/09/02 6:0 p.m.5 views

An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 2)

Program Vulnerabilities and Manual Assessment This is the second in a three-part series on building and using a testing bench for Industrial Control Systems ICS. In this series, we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used I...

7.6AI score
Exploits0
CNNVD
CNNVD
added 2025/05/29 12:0 a.m.4 views

Mitsubishi Electric MELSEC iQ-F series 安全漏洞

The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC iQ-F series that originates from insufficient input validation, which could result in a denial of service or CPU module...

9.1CVSS6.5AI score0.00694EPSS
Exploits0References4
CNVD
CNVD
added 2025/05/07 12:0 a.m.3 views

Delta Electronics ISPSoft Stack Buffer Overflow Vulnerability (CNVD-2025-12375)

Delta Electronics ISPSoft is a programmable logic controller PLC programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code using debugging logic when parsing CBDGL files...

9.8CVSS7.5AI score0.00349EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/07 12:0 a.m.3 views

Delta Electronics ISPSoft Stack Buffer Overflow Vulnerability

Delta Electronics ISPSoft is a programmable logic controller PLC programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code while parsing a DVP file...

9.8CVSS7.5AI score0.00314EPSS
Exploits0References1
Rows per page
Query Builder