1659 matches found
CVE-2025-41709 Command injection in power analyzer via Modbus-TCP and Modbus-RTU
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...
CVE-2025-41709 Command injection in power analyzer via Modbus-TCP and Modbus-RTU
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...
CVE-2025-41709
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...
Janitza UMG 96RM-E 24V和Janitza UMG 96RM-E 230V 操作系统命令注入漏洞
Both Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V are multi-functional power quality analyzers produced by the German company Janitza. Both models have vulnerabilities related to operating system command injection. These vulnerabilities arise from defects in the power analyzer’s processing ...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
EUVD-2026-8977
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105
XWEB Pro is affected by an OS command injection vulnerability (CVE-2026-25105) in versions prior to 1.12.1. The flaw allows an authenticated attacker to achieve remote code execution by injecting malicious input into the Modbus command tool parameters in the debug route. Multiple sources (Red Hat...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
PT-2026-22276
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into parameters of the Modbus command tool within a debug route. T...
Copeland多款产品 操作系统命令注入漏洞
The Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems from the American company Copeland. Several products of Copeland have vulnerabilities related to operating system command injection. This vulnerability stem...
ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing
It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection RDP on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...
CVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
CVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
CVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
CVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...