1659 matches found
CVE-2026-29972
Affected software: nanoMODBUS library (v1.22.0 and earlier as described). Vulnerability: a stack-based buffer overflow in recv_read_registers_res() within nanomodbus.c when performing nmbs_read_holding_registers() or nmbs_read_input_registers(). The code writes register data from the server respo...
CVE-2025-13605
3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...
CVE-2025-13605
The CVE-2025-13605 vulnerability affects the 3onedata GW1101-1D(RS-485)-TB-P Modbus gateway (hardware version V2.2.0). An authenticated user can execute arbitrary shell commands with root privileges by supplying a payload in the IP address field of the diagnosis test tools. This issue has a CVSSv...
CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway
3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...
PT-2026-36808
Name of the Vulnerable Software and Affected Versions 3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 versions prior to 3.0.59B2024080600R4353 Description Authenticated users can execute arbitrary shell commands with root privileges. This is possible by providing...
Astra Linux – Vulnerability in libmodbus
An invalid pointer in the modbusreceive function of libmodbus v3.1.6 allows attackers to cause a Denial of Service DoS by sending a crafted message to the unit-test-server...
Wireshark 2.4.x < 2.4.1 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.1 advisory. - In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite...
Advantech ADAM-6000 Use of Default Password (CVE-2008-5848)
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and 1 monitor or 2 control the module's Modbus/TCP I/O activity. This plugin only works with Tenable.ot. Please visit...
Large Language Models As Explainable Cyberattack Detectors for Energy Industrial Control Systems
In modern energy systems, industrial control systems ICS and power-system SCADA require intrusion detection that is not only accurate but also auditable by operators. The ICS intrusion-detection landscape is currently dominated by established supervised detectors. In this paper, we study whether ...
[SECURITY] Fedora 44 Update: qt6-qtserialbus-6.10.3-1.fc44
Qt Serial Bus API provides classes and functions to access the various industrial serial buses and protocols, such as CAN, ModBus, and others...
CVE-2026-4436
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
EUVD-2026-21066
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
CVE-2026-4436
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
CVE-2026-4436
CVE-2026-4436 affects GPL Odorizers GPL750 (odorizer devices). A low-privileged remote attacker can send Modbus packets to manipulate registers that feed the odorant injection logic, potentially causing over- or under-injection of odorant into a gas line. Several sources (NVD/NIST, Red Hat, ENISA...
CVE-2026-4436 GPL Odorizers GPL750 Missing Authentication for Critical Function
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
CVE-2026-4436
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
CVE-2026-4436 GPL Odorizers GPL750 Missing Authentication for Critical Function
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line...
PT-2026-31719
Name of the Vulnerable Software and Affected Versions versions not specified Description A remote attacker with low privileges can manipulate Modbus register values used in odorant injection logic, potentially causing over or under-injection of odorant into a gas line. Attackers have exploited th...
GPL Odorizers GPL 访问控制错误漏洞
GPL Odorizers GPL is a series of gas odorization devices and gas processing control systems developed by the American company GPL. GPL Odorizers GPL has a access control vulnerability; this vulnerability allows low-privilege remote attackers to send Modbus data packets to manipulate register...
CVE-2025-41709
CVE-2025-41709 describes an unauthenticated command injection using Modbus-TCP/Modbus-RTU that grants read/write access on the affected device. Multiple sources (NVD, Red Hat, CVE listing, and vulnerability feeds) concur that the issue is remotely exploitable over network with a high severity (CV...