Siemens SIMATIC S7-1500 系列产品输入验证错误漏洞

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Reusing a Nonce, Key Pair in Encryption (CVE-2017-7902)

A Reusing a Nonce, Key Pair in Encryption issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A an...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Improper Restriction of Excessive Authentication Attempts (CVE-2017-7898)

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2017-7899)

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00...

The vulnerability of the module of central processors in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L allows a intruder to trigger a service failure.

The vulnerability of the microcontroller modules in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L is related to errors in processing input data length parameters. Exploiting this vulnerability can allow an attacker, operating remotely, to cause malfunctions...

The vulnerability of programmable logic controllers MELSEC iQ-R, MELSEC Q, and MELSEC L, related to uncontrolled resource consumption, allows a intruder to cause malfunctions during maintenance operations.

The vulnerability of the programmable logic controllers MELSEC iQ-R, MELSEC Q, and MELSEC L is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause malfunctions in the service provided by the controller, using...

The vulnerability of the microprogrammed logic controller ioLogik’s software, related to deficiencies in the authentication process, allows attackers to escalate their privileges within the system.

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow unauthorized individuals to enhance their privileges within the system through specially crafted requests...

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik, related to deficiencies in access control, allows a intruder to gain access to the device.

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in access control. Exploiting this vulnerability can allow an intruder to gain access to the device...

The vulnerability of the programming software for PLCs (programmable logic controllers), EcoStruxure Control Expert, allows a intruder to bypass the authentication process.

The vulnerability of the programming software for PLCs programmable logic controllers, EcoStruxure Control Expert, is related to improper authentication. Exploiting this vulnerability can allow an attacker to bypass authentication processes...

The vulnerability of the programming software for PLCs (programmable logic controllers), EcoStruxure Control Expert, allows a intruder to bypass the authentication process.

The vulnerability of the programming software for PLCs programmable logic controllers, EcoStruxure Control Expert, lies in the absence of restrictions on the number of authentication attempts. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...

The vulnerability of the programming software for PLCs (programmable logic controllers), EcoStruxure Control Expert, allows a intruder to trigger a service failure.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to trigger a service failure remotely...

isf

This is an Industrial Exploitation Framework ISF repository, a Python-based framework for exploitation and testing of industrial control systems ICS. The framework is similar to Metasploit and is designed to be used for penetration testing and vulnerability assessment of ICS devices. The reposito...

The vulnerability of microprogrammed software in programmable logic controllers such as CompactLogix 5370 L1, CompactLogix 5370 L2, CompactLogix 5370 L3, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5370, related to the execution of a loop with an unavailable exit condition, allows a intruder to cause a service failure.

The vulnerability of microprogrammed software in programmable logic controllers such as CompactLogix 5370 L1, CompactLogix 5370 L2, CompactLogix 5370 L3, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5370, related to the execution of a loop with an unreachable exit condition...

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730, DriveLogix 1794-L34, Compact GuardLogix 5370, Compact GuardLogix 5380, GuardLogix 5570, GuardLogix 5580, and SoftLogix 5800 stem from insufficient protection of registration data. This allows attackers to elevate their privileges and alter the configuration of vulnerable devices.

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730,...

Fuji Electric Tellus Lite V-Simulator 和 Fuji Electric V-Server Lite 缓冲区错误漏洞

Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric Japan.Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments...

isf

This is an offensive tool for ICS exploitation. It is a Python-based framework for exploiting Industrial Control Systems ICS, similar to Metasploit. The framework, known as ICSSploit, is a fork of the routersploit project and is designed for ICS exploitation. It includes various modules for...

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

The U.S. National Security Agency NSA and the Cybersecurity and Infrastructure Security Agency CISA have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric...

Honeywell ControlEdge PLC and ControlEdge RTU Information Disclosure Vulnerability (CNVD-2020-37479)

Honeywell ControlEdge PLC and ControlEdge RTU are both products of Honeywell, Inc. The ControlEdge PLC is a programmable logic controller PLC.The ControlEdge RTU is a remote terminal unit RTU. An information disclosure vulnerability exists in the Honeywell ControlEdge PLC and RTU that can be...

Multiple Mitsubishi Electric Products Resource Management Error Vulnerability

The Misubishi Electric MELSEC iQ-R series is a programmable logic controller from Misubishi Electric. A resource management error vulnerability exists in several Mitsubishi Electric products. An attacker could cause a denial of service by sending a large amount of data to the MELSOFT transport po...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, is related to deficiencies in access control. This vulnerability allows a intruder to bypass the authentication process between EcoStruxure Control Expert and the PLC.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process between the EcoStruxure Control Expert and the...