182 matches found
B&R Industrial Automation B&R APROL Cross-Site Scripting Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A cross-site scripting vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from improper input neutralization in the APROL Web Portal, and could...
B&R Industrial Automation B&R APROL Code Issue Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation of Austria. A code issue vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from a server-side request forgery in the APROL Web Portal that could allow a...
Hitachi Energy PCU400
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities, if exploited, can cause confidentiality...
Hitachi Energy Service Suite
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to open-source Apache Tomcat components that affect the Service Suite product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability...
Dante Discovery Process Control Vulnerability
Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...
CVE-2024-6422
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...
Security update for pcp
This update for pcp fixes the following issues: Upgrade to 6.2.0 bsc1217826 / PED8192: CVE-2024-45770: Fixed symlink race bsc1230552. CVE-2024-45769: Fixed pmstore corruption bsc1230551 CVE-2023-6917: Fixed local privilege escalation from pcp user to root bsc1217826. Bug fixes: Reintroduce libuv...
Schneider Modicon Remote START/STOP Command
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Schneider Modicon Remote START/STOP Command', 'Description' = %q The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a...
B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R APROL that stems from the presence of an untrusted search path vulnerability that allows an authenticated, local attacker to execute arbitrary code with...
Hitachi Energy MicroSCADA Pro/X SYS600 (Update A)
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities that affect the MicroSCADA Pro/X SYS600 product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the...
PT-2024-6590 · Rockwell Automation · Compactlogix +2
Name of the Vulnerable Software and Affected Versions: Rockwell Automation CompactLogix versions (affected versions not specified); Rockwell Automation ControlLogix versions (affected versions not specified); Rockwell Automation GuardLogix versions (affected versions not specified). Description: A...
Hitachi Energy UNEM
SUMMARY Hitachi Energy is aware of multiple internally reported vulnerabilities that affect the UNEM versions listed below. Please refer to the “Recommended Immediate Actions” for information about the remediation. 2. GENERAL MITIGATION FACTORS/WORKAROUNDS Recommended security practices and...
ROS-20240527-04
A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories. A vulnerability in the Git distributed version control system ...
Hitachi Energy's RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1532)
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. This plugin only works wit...
Siemens SIMATIC WinCC Denial of Service Vulnerability (CNVD-2024-17302)
SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. SIMATIC WinCC Runtime Professional is used for operator visualization of the runtime platform for the control and monitoring of machines and equipment. A denial of service...
Hitachi Energy MACH SCM (Update A)
1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: MACH SCM Vulnerabilities: Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of...
processcontrolformacion.com Improper Access Control vulnerability OBB-3808474
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Softing OPC Security Vulnerability
Softing OPC is an OPC OLE for Process Control solution from Softing Germany. A security vulnerability exists in Softing OPC Suite version 5.25 and prior versions, which stems from incorrect access control. An attacker could exploit the vulnerability to obtain sensitive information via weak...
Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2023-4518 that affects the Relion 670/650/SAM600-IO series that are listed below. An attacker successfully exploiting this vulnerability could cause operational disruptions of the devices. For immediate mitigation/workaround information,...
VulnCheck KEV: CVE-2022-23748
Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...