190 matches found
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...
Code injection
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1GOT1000 all versions, GT Designer3 Version1GOT2000 all versions, GX Works2 version...
Authentication flaw
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1GOT1000 all versions, GT Designer3 Version1GOT2000 all versions, GX Works2 versions 1.11M and later, GX Works3 all...
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...
CVE-2023-6942
CVE-2023-6942 is a Missing Authentication for Critical Function vulnerability affecting Mitsubishi Electric FA Engineering Software Products, including EZSocket (3.0–5.92), FR Configurator2, GT Designer3 (GOT1000 1.x up to 1.325P, GOT2000 1.x up to 1.320J), GX Works2 (1.11M+), GX Works3, MELSOFT ...
Mitsubishi Electric FA Engineering Software Products (Update D)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : EZSocket, FR Configurator2, GT Designer3 Version1GOT1000, GT Designer3 Version1GOT2000, GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...
PT-2024-1480 · Mitsubishi · Gx Works3 +8
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric EZSocket versions 3.0 to 5.92 Mitsubishi Electric GT Designer3 Version1GOT1000 versions 1.325P and prior Mitsubishi Electric GT Designer3 Version1GOT2000 versions 1.320J and prior Mitsubishi Electric GX Works2 versions 1.1...
PT-2024-1401 · Mitsubishi · Mx +8
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92 GT Designer3 Version1GOT1000 versions 1.325P and prior GT Designer3 Version1GOT2000 versions 1.320J and prior GX Works2 versions 1.11M and later GX Works3 versions 1.106L and prior...
CVE-2023-2685
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...
CVE-2023-2685
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...
Design/Logic Flaw
A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...
CVE-2023-2685
CVE-2023-2685 affects AO-OPC server prior to version 3.2.1. The vulnerability stems from an unquoted directory path for the service entry, which could allow an attacker to start another application via the AO-OPC service, potentially running with system privileges. Exploitation is considered loca...
PT-2023-4120 · Unknown · Ao-Opc Server
Name of the Vulnerable Software and Affected Versions: AO-OPC server versions prior to 3.2.1 Description: A vulnerability was found in the AO-OPC server where the directory information for the service entry is not enclosed in quotation marks. This could allow potential attackers to call up anothe...
ABB Central Licensing System Uncontrolled Resource Consumption (CVE-2020-8475)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB Central Licensing System Permissions, Privileges, and Access Controls (CVE-2020-8476)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB Central Licensing System Improper Restriction of XML External Entity Reference (CVE-2020-8479)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB OPC Server for Incorrect Permission Assignment for Critical Resource (CVE-2021-22284)
Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
ABB Central Licensing System Improper Access Control (CVE-2020-8471)
For the Central Licensing Server component used in ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
ABB Central Licensing System Exposure of Sensitive Information to an Unauthorized Actor (CVE-2020-8481)
For ABB products ABB Ability System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...
Hitachi Energy MicroSCADA Pro X SYS600
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerability: Improper Input Validation, Improper Privilege Management, Improper Access Control, Improper Handling of Unexpected Data Type. 2. RISK...