The vulnerability of the web server of the microprogramming software for the Modbus AutomationDirect MB-Gateway allows a perpetrator to gain unauthorized access to the device.

The vulnerability of the web server of the microprogramming-based Modbus AutomationDirect MB-Gateway software lies in the absence of an authentication mechanism for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the...

Danfoss AK-SM 8xxA Series 安全漏洞

Danfoss AK-SM 8xxA Series is a series of industrial-grade intelligent pressure sensors from Danfoss, Denmark, designed for refrigeration and air conditioning systems and supporting Modbus communication. A security vulnerability exists in Danfoss AK-SM 8xxA Series versions prior to 4.2, which stem...

Honeywell MB-Secure 安全漏洞

Honeywell MB-Secure is an industrial-grade network security solution from Honeywell USA designed for the Modbus protocol to provide communication protection and access control for industrial control systems ICS. A security vulnerability exists in Honeywell MB-Secure versions prior to V11.04 throu...

CVE-2024-10498

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in...

XINJE XL5E-16T 安全漏洞

The XINJE XL5E-16T is an enhanced Ethernet controller from China XINJE Corporation XINJE. A security vulnerability exists in the XINJE XL5E-16T version 3.7.2a, which originated from a vulnerability that allows an attacker to cause a denial of service via a specially crafted Modbus message...

Vulnerability fixed in Schneider Electric Modicon

Schneider Electric has fixed a vulnerability in devices that use the Modbus protocol. The vulnerability is in how devices using the Modbus protocol validate input. When an unauthenticated and customized Modbus packet is sent to the device, it can result in a denial-of-service, compromising both t...

Schneider Electric Modicon M340 缓冲区错误漏洞

The Schneider Electric Modicon M340 is a mid-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric France. The Schneider Electric Modicon M340 suffers from a buffer error vulnerability that originates from improperly restricted memory buffer...

PT-2024-34471 · Inovance · Inovance Hcplc Am402-Cpu1608Tptn +2

Name of the Vulnerable Software and Affected Versions: Inovance HCPLC AM401-CPU1608TPTN version 21.38.0.0 Inovance HCPLC AM402-CPU1608TPTN version 41.38.0.0 Inovance HCPLC AM403-CPU1608TN version 81.38.0.0 Description: A buffer overflow in the RecvSocketData function allows attackers to cause a...

PT-2024-9212 · Schneider Electric · Modicon M340 Cpu Bmxp34

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 affected versions not specified Description: The issue is related to insufficient input validation in the Modbus protocol implementation of the Schneider Electric Modicon M340 CPU BMXP34 programmable...

The vulnerability of the Modbus TCP interface of the microprogramming software used in multifunctional measuring instruments for measuring electrical network parameters from Siemens SENTRON 7KM PAC3200 allows a perpetrator to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerability of the Modbus TCP interface of Siemens SENTRON 7KM PAC3200 multifunctional measuring instruments for measuring electrical network parameters lies in improper authentication mechanisms. This includes insufficient security measures, such as a weak 4-digit PIN code, and the absence...

New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems ICS-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the...

SILA Embedded Solutions GmbH freemodbus Security Vulnerability

SILA Embedded Solutions Freemodbus is an open source Modbus protocol stack from SILA Embedded Solutions. A security vulnerability exists in SILA Embedded Solutions GmbH freemodbus version 2018-09-12, which stems from a buffer overflow vulnerability allows remote attackers to cause a denial of...

CVE-2023-35835

An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication such as an encryption key and persists permanently, including after enrollment and setup is complete. The WiF...

CVE-2023-35835

The CVE-2023-35835 issue affects SolaX Pocket WiFi (versions 3–3.001.02) where the device exposes a WiFi access point for initial configuration that lacks network authentication and remains active after setup, paired with an unauthenticated ModBus interface and a web-based configuration utility. ...

CVE-2022-2081

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to...

The vulnerability of the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers allows a intruder to trigger a service failure.

The vulnerability of the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause malfunctions in the service operation...

CVE-2023-25619

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol...

The vulnerability of the MODBUS protocol implementation in Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino allows attackers to circumvent existing security restrictions.

The vulnerability of the MODBUS protocol implementation in Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions using specially...

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

Hitachi Energy RTU500 安全漏洞

RTU500 is a series of industrial control components from Hitachi, Japan, mainly used in industrial control systems. A buffer overflow vulnerability exists in the Hitachi Energy RTU500 series CMU firmware HCI Modbus TCP function. The vulnerability, which originates when HCI Modbus TCP is enabled a...