processcontrolformacion.com Improper Access Control vulnerability OBB-3808474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Softing OPC Security Vulnerability

Softing OPC is an OPC OLE for Process Control solution from Softing Germany. A security vulnerability exists in Softing OPC Suite version 5.25 and prior versions, which stems from incorrect access control. An attacker could exploit the vulnerability to obtain sensitive information via weak...

Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)

SUMMARY Hitachi Energy is aware of the vulnerability CVE-2023-4518 that affects the Relion 670/650/SAM600-IO series that are listed below. An attacker successfully exploiting this vulnerability could cause operational disruptions of the devices. For immediate mitigation/workaround information,...

VulnCheck KEV: CVE-2022-23748

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...

CVE-2023-4487 GE Digital CIMPLICITY Process Control

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

CVE-2023-4487

CVE-2023-4487 affects GE Digital CIMPLICITY 2023. A process-control vulnerability could allow a local attacker to insert malicious configuration files into the web server execution path, escalating privileges and gaining full control of the HMI software. Affected product: CIMPLICITY 2023. Impact:...

CVE-2023-4487 GE Digital CIMPLICITY Process Control

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

GE Digital CIMPLICITY

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: GE Digital ​Equipment: CIMPLICITY ​Vulnerability: Process Control 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3...

Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Hitachi Energy ​Equipment: RTU500 series ​Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of...

The vulnerability of the Portmapper service in B&R Automation Runtime software for process control and management systems, related to initialization errors, allows a malicious actor to trigger a service failure.

The vulnerability of the Portmapper service in B&R Automation Runtime software for process control and management involves initialization errors. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending SYN requests...

The vulnerability of the application software interface for process control and automation system monitoring software from Rockwell Automation’s Enhanced HIM allows a attacker to perform a CSRF attack.

The vulnerability of the application software interface for process control and automation system monitoring software from Rockwell Automation, Enhanced HIM, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack...

CVE-2023-30562

A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs...

The vulnerabilities of Siemens SIMATIC PCS 7, SIMATIC S7-PM, and SIMATIC STEP 7 operating systems allow attackers to gain increased privileges.

The vulnerability of Siemens SIMATIC PCS 7, SIMATIC S7-PM, and SIMATIC STEP 7 process control systems is related to incorrect code generation. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

CVE-2023-25910

A vulnerability has been identified in SIMATIC PCS 7 All versions V9.1 SP2 UC04, SIMATIC S7-PM All versions V5.7 SP1 HF1, SIMATIC S7-PM All versions V5.7 SP2 HF1, SIMATIC STEP 7 V5 All versions V5.7. The affected product contains a database management system that could allow remote users with low...

WEM Memory usage limit doesn't work as expected on Windows 2022 Server

When the WEM agent runs on Windows Server 2022, the memory usage limit applied to specific processes might not work as expected...

SUSE CVE-2014-3576

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service shutdown via a shutdown command...

AZL-26368 CVE-2023-1998 affecting package kernel for versions less than 5.15.111.1-1

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

Hitachi Energy Gateway Station

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Vulnerabilities: NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause affected modules to...

SUSE CVE-2011-0753

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service memory corruption via a large number of concurrent signals...

SUSE CVE-2019-6444

An issue was discovered in NTPsec before 1.1.3. processcontrol in ntpcontrol.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl in ntpd...