Analysing the Attack Surface of an Industrial Data Acquisition Device

Introduction The Data Station Plus from Red Lion Controls was handed to me to analyse the attack surface. The device is designed to connect to SCADA data acquisition devices over Modbus, Profibus, etc. by Serial or Ethernet connection. Data is collected and recorded to a local compact flash card...

The vulnerability of Modicon microprogrammed controllers, related to the use of the Modbus service provided by the REST API, allows a hacker to disclose protected information.

The vulnerability of Modicon controller’s microprogrammed software is related to the use of the Modbus service provided by the REST API. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

The vulnerability of Modicon microprogrammed controllers lies in the transmission of confidential information in open text using the Modbus TCP protocol during controller programming, allowing attackers to disclose the protected information.

The vulnerability of Modicon controllers’ microprogramming software lies in the transmission of confidential information as open text using the Modbus TCP protocol during controller programming. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...

The vulnerability of the Modbus protocol implementation in the “Communication Server” software of the EKRASMS-SP program suite for microprocessor-based EKRA 200 terminals allows a perpetrator to execute any command they desire.

The vulnerability of the Modbus protocol implementation in the “Communication Server” software of the EKRASMS-SP suite for microprocessor-based EKRA 200 terminals exists due to insufficient filtering of symbols in file paths. Exploiting this vulnerability allows a malicious actor to execute...

Siemens En100 Improper Authentication

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens Siprotec Exposure of Sensitive Information to an Unauthorized Actor

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens Dnp3 Improper Input Validation

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet...

Siemens En100 Improper Authentication

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens Siprotec Unspecified Vulnerability

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens En100 Missing Authentication for Critical Function

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module DNP3 variant All versions V1.04, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module IEC 104...

Siemens En100 Unspecified Vulnerability

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens Dnp3 Improper Input Validation

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet...

Carel pCOWeb HVAC Modbus Interface Authentication Bypass

Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of it's features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details ======= Product: HVAC units usin...

Schneider 140NOE77101 Ethernet Module MODBUS Protocol Denial of Service Vulnerability

The 140NOE77101 is an Ethernet communication module for the Quantum series of PLCs from Schneider. A denial of service vulnerability exists in the MODBUS protocol of the Schneider 140NOE77101 Ethernet Module, which can be exploited by an attacker to be a denial of service to the server...

Schneider Electric Modicon M580/BMENOC 0311/BMENOC 0321 Information Disclosure Vulnerability (CNVD-2019-44958)

The Modicon M580/BMENOC 0311/BMENOC 0321 are programmable logic controllers from Schneider Electric. An information disclosure vulnerability exists in the Modicon M580/BMENOC 0311/BMENOC 0321. An attacker could exploit this vulnerability to obtain sensitive information when using certain Modbus...

CVE-2019-6845

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum all firmware versions, which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol...

CVE-2019-6849

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module...

Design/Logic Flaw

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum all firmware versions, which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol...

Information disclosure

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module...

CVE-2019-6849

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module...