The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum arises from incorrect code generation. This allows attackers to trigger malfunctions during maintenance operations.

The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum is related to incorrect code generation. Exploiting this vulnerability could allow an attacker, operating remotely, to cause malfunctions in the system’s...

The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum allows a intruder to trigger malfunctions in the equipment or unauthorized changes to its configuration.

The vulnerability of the Modbus protocol implementation in microprogrammed logic controllers like Modicon Quantum is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to cause service failures or unauthorized changes to the PLC’s configuration...

CVE-2021-20592

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions...

CVE-2021-20592

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions...

Design/Logic Flaw

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions...

CVE-2021-20592

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and GT23 model communication driver versions 01.19.000 through 01.39.010 and GT SoftGOT2000 versions...

CVE-2021-20592

CVE-2021-20592 affects Mitsubishi Electric GOT2000 family: GOT2000 GT27/GT25/GT23 MODBUS/TCP Slave drivers (versions 01.19.000–01.39.010) and GT SoftGOT2000 (versions 1.170C–1.256S). Root cause is missing synchronization in the MODBUS/TCP communication path, allowing a remote unauthenticated atta...

Unspecified Vulnerability in Siemens Interniche IP Stack Low Voltage Devices

The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 7KM PAC The Switched Ethernet PROFIN...

HCC Embedded InterNiche 安全特征问题漏洞

The SENTRON 3WA COM190 is an accessory module for 3WA circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 3WL COM35 is an accessory module for 3WL circuit breakers providing connectivity via PROFINET IO and Modbus TCP.The SENTRON 7KM PAC The Switched Ethernet PROFIN...

Mitsubishi Electric GOT2000 安全漏洞

The Mitsubishi Electric GOT2000 is a GOT2000 series graphical operator terminal from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric GOT2000 that originates from stopping the product's communication function by quickly and repeatedly connecting and...

Mitsubishi Electric GOT2000 series and GT SoftGOT2000

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 series and GT SoftGOT2000 Vulnerability: Missing Synchronization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service...

CVE-2021-22772

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...

CVE-2021-22772

CVE-2021-22772 affects Schneider Electric Easergy T200 series (Modbus SC2-04MOD-07000100, IEC104 SC2-04IEC-07000100, DNP3 SC2-04DNP-07000102 and earlier). Documented root cause: CWE-306 – Missing Authentication for Critical Function, enabling unauthorized operation when authentication is bypassed...

CVE-2021-22772

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...

Schneider Electric Easergy T200产品访问控制错误漏洞

Schneider-electric Schneider Electric Easergy T200 is a remote control terminal for medium/low voltage substations from Schneider-electric, France. An access control error vulnerability exists in several Schneider Electric products due to a lack of valid authorized operation of the product and...

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

Design/Logic Flaw

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...