243 matches found
Siemens SIMATIC S7 PLC Web Server
SUMMARY SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix...
CVE-2026-25293
Buffer overflow due to incorrect authorization in PLC FW...
CVE-2026-25293 Incorrect authorization in PLC FW
Buffer overflow due to incorrect authorization in PLC FW...
CVE-2026-25293
Buffer overflow due to incorrect authorization in PLC FW...
EUVD-2026-26992
Buffer overflow due to incorrect authorization in PLC FW...
CVE-2026-25293
CVE-2026-25293 : A buffer overflow due to incorrect authorization is reported in PLC FW. Affected component is the PLC firmware; the root cause is improper authorization checks leading to memory corruption. The CVSS 3.1 vector indicates adjacent access, no privileges required, no user interaction...
CVE-2026-6284
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...
EUVD-2026-23442
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...
CVE-2026-6284
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...
CVE-2026-6284
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...
EUVD-2024-17238
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
CVE-2024-1490
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on t...
Contemporary Controls BASC 20T
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls. 2. RECOMMENDED PRACTICES CISA recommends users...
CVE-2025-40943
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...
CVE-2026-24060
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...
Mitsubishi Electric MELSEC iQ-F series 安全漏洞
The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller developed by Mitsubishi Electric, a Japanese company. The MELSEC iQ-F series contains security vulnerabilities, which stem from improper resource closure or release procedures. This could allow remote attackers to cause...
CVE-2026-24790
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...
CVE-2026-24790
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...
CVE-2026-24790
Technical details about CVE-2026-24790 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-24790 Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller Missing Authentication for Critical Function
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...