CVE-2022-1068

The CVE-2022-1068 issue affects Modbus Tools Modbus Slave (Version 7.4.2 and earlier). The vulnerability is a stack-based buffer overflow in the registration field, which can cause the application to crash when a long string is entered. Mitigation per multiple sources: Modbus Tools has fixed the ...

Modbus Slave 缓冲区错误漏洞

Modbus Slave is a device simulator for PLCs, primarily for PLC programming. Modbus Slave has a security vulnerability that stems from susceptibility to a stack-based buffer overflow in the registration field. This can cause the program to crash when long strings are used...

Modbus Tools Modbus Slave

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Modbus Tools Equipment: Modbus Slave Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application when inputting a...

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVE-2021-27424

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

Information disclosure

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVE-2021-27424 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

CVE-2021-27424

GE UR family devices running firmware prior to 8.1x expose a Last-key pressed MODBUS register that can disclose unauthorized information. The issue affects UR firmware versions before 8.1x (web server, MODBUS memory map exposure as part of the communications guide) and is reflected in CVE-2021-27...

CVE-2021-27424 GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information...

Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert

Vulnerabilities have been fixed in the Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service cause. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...

CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

CVE-2022-24322

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data...

CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

CVE-2022-24322

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data...

Design/Logic Flaw

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data...

Design/Logic Flaw

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

CVE-2022-24322

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data...

CVE-2022-24322

CVE-2022-24322 affects Schneider Electric EcoStruxure Control Expert (V15.0 SP1 and prior). The flaw is CWE-119: improper restriction of operations within buffer bounds, enabling disruption of communication between Modicon controllers and engineering software when an attacker intercepts and manip...

Schneider Electric EcoStruxure Control Experta 缓冲区错误漏洞

Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in Schneider Electric EcoStruxure Control Expert V15.0 SP1 and earlier versions tha...