1668 matches found
CVE-2018-5400 The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices, resulting in an origin validation error
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...
Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App
Overview: Auto-Maskin RP remote panels and DCU control units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description: CWE 798: Use of Hard-Coded...
Schneider Electric Serial Modbus Driver Buffer Overflow
OVERVIEW Carsten Eiram of Risk-Based Security has identified a stack-based buffer overflow vulnerability in Schneider Electric’s Serial Modbus Driver that affects 11 Schneider Electric products. Schneider Electric has produced patches that mitigate this vulnerability. This vulnerability can be...
SEIG Modbus 3.4 Denial Of Service
Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
SEIG Modbus 3.4 - Remote Code Execution
SEIG Modbus 3.4 - Remote Code Execution Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
SEIG Modbus 3.4 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Vendor Homepage: https://www.schneider-electric.com Software Link:...
SEIG Modbus 3.4 - Denial of Service (PoC)
SEIG Modbus 3.4 - Denial of Service PoC Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
SEIG Modbus 3.4 Remote Code Execution
Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
SEIG Modbus 3.4 - Denial of Service (PoC)
Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
SEIG Modbus 3.4 - Remote Code Execution
Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
Arbitrary Memory Read Vulnerability in Hologic LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An arbitrary memory read vulnerability exists in the HELISE LE5109L PLC, which can be exploited to read the value of any register in the PLC by constructing a specif...
Arbitrary Memory Tampering Vulnerability in Hologic LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An arbitrary memory tampering vulnerability exists in the HELISE LE5109L PLC, which can be exploited by an attacker to remotely tamper with PLC register values by constructing specific modbu...
Remote Controller Removal Vulnerability in HOLLYWOOD LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A remote controller removal vulnerability exists in the Hologic LE5109L PLC, where an attacker can construct specific Modbus packets to remotely remove all program and configuration...
ABB Panel Builder ModBus Beckhoff ClockDevice Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
ABB Panel Builder ModBus AC500 UserSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
ABB Panel Builder BeMod_BeckHoff Node1 Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB Panel Builder 800. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
CVE-2018-11451
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions < V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet...
Design/Logic Flaw
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions < V4.33, Firmware variant PROFINET IO for EN100 Ethernet module All versions, Firmware variant Modbus TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet...
CVE-2018-11451
CVE-2018-11451 affects Siemens EN100 Ethernet Module and SIPROTEC 5 relays and is due to improper input validation. A specially crafted packet sent to port 102/tcp can cause a denial-of-service condition, affecting network availability. A manual restart is required to restore EN100 module functio...
CVE-2018-11452
CVE-2018-11452 affects Siemens EN100 Ethernet Module firmware variants (IEC 61850, PROFINET IO, Modbus TCP, DNP3 TCP, IEC104). The root cause is an improper handling of crafted packets to port 102/TCP that can trigger a Denial-of-Service condition when oscillographs are running, compromising avai...