The vulnerability of the Modbus TCP protocol implementation in microprogrammed software for programmable logic controllers from Schneider Electric, such as Modicon M340, M580, MC80, Modicon Momentum MDI, Legacy Modicon Quantum, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Modbus TCP protocol implementation in microprogrammed logic controllers from Schneider Electric, such as Modicon M340, M580, MC80, Modicon Momentum MDI, and Legacy Modicon Quantum, is related to errors in information processing. Exploiting this vulnerability can allow an...

CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system...

The vulnerability of the Honeywell Modbus TCP protocol and the Safety Builder controller devices for emergency protection systems like Safety Manager, as well as the micro-programmed software for programmable logic controllers like Honeywell Experion PKS, allows a intruder to alter the device’s configuration.

The vulnerability of Honeywell Modbus TCP and Safety Builder controllers’ anti-disaster protection devices, such as Safety Manager and Honeywell Experion PKS programmable logic controllers, is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an...

Hitachi Energy RTU500 输入验证错误漏洞

Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Ltd Hitachi, Japan. The Hitachi Energy RTU500 suffers from an input validation error vulnerability that stems from a length information validation error carried in MBAP. An attacker could exploit the vulnerability by...

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD

Summary Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wire...

Schneider Electric Modicon Controllers Trust Boundary Violation (CVE-2018-7846)

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. This plugi...

Schneider Electric Modicon Code Injection (CVE-2019-6816)

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

SCADAPack 代码问题漏洞

SCADAPack is a Schneider-electric intelligent field controller that combines the monitoring and communication capabilities of a Remote Terminal Unit RTU with the processing and data logging capabilities of a Programmable Logic Controller PLC to provide superior functionality for remote processes...

USN-5173-2: libmodbus vulnerabilities

USN-5173-1 fixed vulnerabilities in libmodbus. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service o...

USN-5173-1: libmodbus vulnerabilities

It was discovered that libmodbus incorrectly handled inputs. An attacker could possibly use this issue to cause a denial of service or other unspecified impact...

Debian: Security Advisory (DLA-2825-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2825-1] libmodbus security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2825-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 22, 2021 https://wiki.debian.org/LTS -...

The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum arises from incorrect code generation. This allows attackers to trigger malfunctions during maintenance operations.

The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum is related to incorrect code generation. Exploiting this vulnerability could allow an attacker, operating remotely, to cause malfunctions in the system’s...

The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum allows a intruder to trigger malfunctions in the equipment or unauthorized changes to its configuration.

The vulnerability of the Modbus protocol implementation in microprogrammed logic controllers like Modicon Quantum is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to cause service failures or unauthorized changes to the PLC’s configuration...

HCC Embedded InterNiche 安全特征问题漏洞

The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 7KM PAC The Switched Ethernet PROFIN...

Mitsubishi Electric GOT2000 安全漏洞

The Mitsubishi Electric GOT2000 is a GOT2000 series graphical operator terminal from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric GOT2000 that originates from stopping the product's communication function by quickly and repeatedly connecting and...

CVE-2021-22772

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...

Schneider Electric Easergy T200产品访问控制错误漏洞

Schneider-electric Schneider Electric Easergy T200 is a remote control terminal for medium/low voltage substations from Schneider-electric, France. An access control error vulnerability exists in several Schneider Electric products due to a lack of valid authorized operation of the product and...

isf

This is an Industrial Exploitation Framework ISF repository, a Python-based framework for exploitation and testing of industrial control systems ICS. The framework is similar to Metasploit and is designed to be used for penetration testing and vulnerability assessment of ICS devices. The reposito...

Phoenix Contact FL COMSERVER UNI 安全漏洞

The Phoenix Contact FL COMSERVER UNI is an interface converter from Phoenix Contac Phoenix Contact, Germany. Serial Device Server for Converting Serial 232/422/485 Interfaces to Ethernet A security vulnerability exists in the Phoenix Contact FL COMSERVER UNI, which stems from an invalid Modbus...