CVE-2017-13764

In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation...

KLA11096 Denial of service vulnerability in Wireshark

An unspecified vulnerability was found in Modbus dissector in Wireshark. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a specially designed packet, which is injected onto the wire, or by convincing a user to read a...

Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

Command injection

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

Design/Logic Flaw

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks...

Authentication flaw

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...

CVE-2017-6032

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks...

CVE-2017-6034

An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

CVE-2017-6034

CVE-2017-6034 affects Schneider Electric Modicon Modbus Protocol. The vulnerability is an Authentication Bypass by Capture-Replay, enabling an attacker to replay sensitive Modbus commands (run/stop/upload/download) with cleartext traffic and network access. The issue is associated with the Modico...

CVE-2017-6032

CVE-2017-6032 concerns Schneider Electric Modicon Modbus Protocol: a session-related weakness in Modbus that may allow brute-force-style access. Affected component: Modbus protocol in Schneider Electric Modicon PLCs; impact described as potential exposure of control commands with low to moderate ...

CVE-2017-6034 Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay

An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...

CVE-2017-6034 Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay

An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...

CVE-2017-6032

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks...

VulnCheck KEV: CVE-2015-5374

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant...

Advantech MESR901 Detection

Detection of Advantech MESR901 Industrial Modbus Copper Ethernet to Serial Gateway. The script sends a connection request to the server and attempts to detect Advantech MESR901 Modbus Gateway devices and to extract its firmware version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...

Advantech B + B SmartWorx MESR901 Authentication Bypass Vulnerability

Advantech B + B SmartWorx MESR901 is a Modbus gateway. An authentication bypass vulnerability exists in Advantech B + B SmartWorx MESR901. An attacker can exploit the vulnerability to carry out authentication mechanisms and perform unauthorized operations, leading to further attacks...

Advantech B+B SmartWorx MESR901

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech B+B SmartWorx Equipment: MESR901 Vulnerability: Use of Client-Side Authentication AFFECTED PRODUCTS The following versions of MESR901, a Modbus gateway, are affected: MESR901 firmware versions 1.5.2 and prio...