The vulnerability of Siemens Sinumerik programmable logic controllers lies in the improper assignment of permissions for the scripts executed by the system. This allows attackers to increase their privileges.

The vulnerability of Siemens Sinumerik programmable logic controllers is related to the incorrect assignment of permissions for the system’s scripts. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the web server of the microprogramming software for programmable logic controllers SIMATICS7-1500 and S7-1200 CPU family allows a hacker to redirect users to any desired URL address.

The vulnerability of the web server of the microprogramming software for programmable logic controllers SIMATICS7-1500 and S7-1200 CPUs is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows an attacker to remotely redirect users to arbitrary URL...

The vulnerability of the CIP Message Handler component in Rockwell Automation’s programmable logic controllers ControlLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480, FactoryTalk Logix Echo allows a intruder to trigger a service failure.

The vulnerability of the CIP Message Handler component in Rockwell Automation’s programmable logic controllers ControlLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480, and FactoryTalk Logix Echo is related to errors in processing input...

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR lies in insufficient validation of input data. This allows a malicious actor to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, Compact GuardLogix 5380, and 1756-EN4TR is related to insufficient validation of input data. Exploiting this vulnerability can allow an...

Siemens S7-200 SMART series uses unsafe random value vulnerability

The S7-200 SMART series is a series of miniature programmable logic controllers that control a variety of small automation applications. A use of insecure random values vulnerability exists in the Siemens S7-200 SMART series, which can be exploited by an attacker to create a denial of service...

Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the CurrDir component in the microprogramming software for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the CurrDir component in the AutomationDirect P3-550E programmable logic controllers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to industrial control system ICS devices, including programmable logic controllers PLCs and human machine interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family that...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to Industrial Control System ICS devices, including Programmable Logic Controllers PLCs and Human Machine Interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family, which...

The vulnerability of the microprogramming software for UniLogic Studio series UniStream’s programmable logic controllers arises from incorrect restrictions on the path name to the restricted-access directory. This allows attackers to execute arbitrary code.

The vulnerability of the microprogramming software for UniLogic Studio programmable logic controllers of the UniStream series is related to an incorrect limitation on the path name of the restricted access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...

The vulnerability of the microprogramming software for UniLogic Studio programmable logic controllers of the UniStream series, related to deficiencies in authentication procedures, allows attackers to circumvent security restrictions.

The vulnerability of the microprogramming software for UniLogic Studio series UniStream is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to circumvent security restrictions remotely...

Unitronics Unistream Unilogic Data Forgery Issue Vulnerability

Unitronics Unistream Unilogic is an integrated controller software platform from Unitronics for developing and programming the Unistream family of programmable logic controllers PLCs. A security vulnerability exists in Unitronics Unistream Unilogic versions prior to 1.35.227, which stems from the...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

The vulnerability of microprogrammed software in programmable logic controllers and human-machine interfaces of the Unitronics Vision Series allows a perpetrator to gain administrative access to the device.

The vulnerability of microprogrammed software in programmable logic controllers and human-machine interfaces of the Unitronics Vision Series is related to the use of rigidly encoded credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain administrative...

The vulnerability of the monitoring software for PLCCs from Fuji Electric, Tellus Lite V-Simulator, arises from writing beyond the buffer boundaries, allowing a intruder to execute arbitrary code.

The vulnerability of the monitoring software for PLCCs from Fuji Electric, Tellus Lite V-Simulator, lies in the fact that it allows data to be written beyond the buffer boundaries. Exploiting this vulnerability could enable a hacker to execute arbitrary code...

The vulnerability of microprogrammed software in STARDOM FCN/FCJ programmable logic controllers, related to uncontrolled resource consumption, allows a intruder to trigger a service failure.

The vulnerability of the microprogrammed software in STARDOM FCN/FCJ programmable logic controllers is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

VulnCheck KEV: CVE-2023-6448

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands...