CVE-2020-12042

Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access...

CVE-2020-12046

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files...

CVE-2020-10620

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely...

CVE-2020-10616

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts...

Opto 22 groov View Server 安全漏洞

Opto 22 groov View Server is an industrial automation remote monitoring software from Opto 22, USA. A security vulnerability exists in Opto 22 groov View Server that originates from the users endpoint returning all users and their API keys, which could lead to information disclosure...

Opto 22 GRV-EPIC and groov RIO

RISK EVALUATION Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

Opto 22 groov RIO 操作系统命令注入漏洞

The Opto 22 groov RIO is an industrial remote I/O module from Opto 22 USA. An operating system command injection vulnerability exists in the Opto 22 groov RIO that stems from the unsafe use of header value build commands, which could lead to remote code execution...

EUVD-2020-4358

Malware in sbrugna...

EUVD-2015-1151

Malware in sbrugna...

EUVD-2020-3064

Malware in sbrugna...

EUVD-2020-4362

Malware in sbrugna...

EUVD-2018-6691

Malware in sbrugna...

EUVD-2020-3060

Malware in sbrugna...

EUVD-2015-1150

Malware in sbrugna...

CVE-2023-40709 Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server

An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b...

CVE-2023-40709 Uncontrolled Resource Consumption in OPTO 22 SNAP PAC S1 Built-In Web Server

An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b...

CVE-2023-40707 Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials...

CVE-2023-40707 Weak password requirements in OPTO 22 SNAP PAC S1 Built-in Web Server

There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials...

CVE-2023-40706 Improper Restriction of Excessive Authentication Attempts in OPTO 22 SNAP PAC S1 Built-in Web Server

There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login...

OPTO 22 SNAP PAC S1 安全漏洞

The OPTO 22 SNAP PAC S1 is a controller from OPTO 22 USA. A security vulnerability exists in the OPTO 22 SNAP PAC S1 R10.3b firmware version that stems from an improperly restricted built-in web server authentication attempt that does not mandate a complex password, which could lead to brute forc...