1659 matches found
CVE-2024-41798
A vulnerability has been identified in SENTRON 7KM PAC3200 All versions. Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by...
CVE-2024-41798
CVE-2024-41798 affects Siemens SENTRON 7KM PAC3200 (all versions). The vulnerability is improper authentication: the Modbus TCP interface is protected only by a 4-digit PIN, which can be bypassed via brute-force or by sniffing cleartext Modbus communications. Impact described as potential exposur...
Siemens SENTRON 7KM PAC3200 授权问题漏洞
The SENTRON PAC Meter is a power measurement device for precise energy management and transparent information acquisition. An authentication error vulnerability exists in the Siemens SENTRON PAC Meter, which can be exploited by an attacker to bypass authentication via brute force attack or by...
PT-2024-7770 · Siemens · Siemens Sentron 7Km Pac3200
Name of the Vulnerable Software and Affected Versions: Siemens SENTRON 7KM PAC3200 All versions Description: A vulnerability has been identified in the Modbus TCP interface of the Siemens SENTRON 7KM PAC3200, where affected devices only provide a 4-digit PIN to protect from administrative access...
Siemens SENTRON PAC3200 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Modicon Ladder Logic Upload/Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Schneider Modicon Ladder Logic Upload/Download', 'Description' = %q The Schneider Modicon with Unity series of PLCs use Modbus function code 90...
Schneider Modicon Remote START/STOP Command
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Schneider Modicon Remote START/STOP Command', 'Description' = %q The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a...
CVE-2024-7567
A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 2080 -L50E/2080 -L70E. If exploited, the CIP/Modbus communication may be disrupted for short duration...
CVE-2024-7567 Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port
A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 2080 -L50E/2080 -L70E. If exploited, the CIP/Modbus communication may be disrupted for short duration...
CVE-2024-7567 Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port
A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 2080 -L50E/2080 -L70E. If exploited, the CIP/Modbus communication may be disrupted for short duration...
Rockwell Automation Micro850/870
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Micro850/870 Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may cause CIP/Modbus...
PT-2024-8939 · Rockwell Automation · Micro850/870
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Micro850/870 versions 2080 -L50E/2080 -L70E Description: A denial-of-service issue exists due to uncontrolled resource consumption via the CIP/Modbus port. If exploited, this could disrupt CIP/Modbus communication for a...
New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems ICS-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the...
DEBIAN-CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
UBUNTU-CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
CVE-2024-38534
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
CVE-2024-38534 Suricata modbus: txs without responses are never freed
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
CVE-2024-38534 Suricata modbus: txs without responses are never freed
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue...
CVE-2024-38534
CVE-2024-38534 affects Suricata (network IDS/IPS/NSM). Crafted Modbus traffic can cause unlimited resource accumulation within a single flow, impacting availability. The documented remediation is to upgrade Suricata to version 7.0.6 or later and to set a limited stream.reassembly.depth to reduce ...