WAGO 访问控制错误漏洞

WAGO 750-88x Series and so on are products of WAGO, Germany.WAGO 750-88x Series is a 750-88x series programmable logic controller.WAGO 750-87x Series is a 750-87x series programmable logic controller.WAGO Series PFC100 is a programmable logic controller. a programmable logic controller. An access...

Mitsubishi Electric MELSEC iQ-R、iQ-L Series和MELIPC Series 安全漏洞

Mitsubishi Electric MELSEC iQ-R series and so on are products of Mitsubishi Electric Japan.Mitsubishi Electric MELSEC iQ-R series is a programmable logic controller.Mitsubishi Electric MELSEC iQ-L series is a series of programmable logic controller.Mitsubishi Electric MELSEC iQ-L series is a seri...

Omron CX-Programmer 缓冲区错误漏洞

Omron CX-Programmer is a PLC Programmable Logic Controller programming software from Omron, Japan. A security vulnerability exists in Omron CX-Programmer version v.9.77 and prior versions, which stems from an out-of-bounds write issue...

The vulnerability of microprogrammed software in programmable logic controllers SIMATIC S7-1200 and S7-1500 is related to insufficient protection of registration data, allowing attackers to gain full access to the device.

The vulnerability of microprogrammed software in programmable logic controllers SIMATIC S7-1200 and S7-1500 is related to insufficient protection of registration data. Exploiting this vulnerability can allow an intruder to gain full access to the device...

PT-2022-6339 · Unknown · Mklogic-500

Name of the Vulnerable Software and Affected Versions: MKLogic-500 affected versions not specified Description: The issue is related to insufficient control of parameters used in the configuration of programmable logic controllers, which is set up via FTP. This could allow a remote attacker to...

Fuji Electric D300win 缓冲区错误漏洞

Fuji Electric D300win is a PLC product and solution from Fuji Electric Japan. The Fuji Electric D300win suffers from a buffer error vulnerability that stems from susceptibility to out-of-bounds reads, which can be exploited by an attacker to leak sensitive data from process memory...

CVE-2022-2788

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...

LS ELECTRIC PLC and XG5000 Encryption Problem Vulnerability

LS ELECTRIC PLC is a programmable logic controller from LS ELECTRIC, a South Korean company. LS ELECTRIC PLC and XG5000 are vulnerable to an encryption issue that could be exploited by an attacker to decrypt credentials and gain full access to the affected programmable logic controller PLC...

LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

Emerson Proficy Machine Edition 路径遍历漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A security vulnerability exists in Emerson Proficy Machine Edition versions 9.80 and earlier, which stems from an easy ZipSlip attack via the uploader program, which allows an attacker to plant a maliciou...

Emerson Proficy Machine Edition 代码问题漏洞

Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from the execution of operations beyond the buffer boundaries in memory. This vulnerability allows a malicious actor to cause system failures.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

The vulnerability of the SNMP protocol implementation in the microprogramming software for Schneider Electric Modicon M340 programmable logic controllers allows a intruder to trigger a maintenance failure.

The vulnerability of the SNMP protocol implementation in microprogrammed software for Schneider Electric Modicon M340 programmable logic controllers is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sendi...

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to cause a service failure.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to cause service failure by loading arbitrary firmware files remotely...

Omron SYSMAC CS/CJ/CP Series 和 NJ/NX Series 数据伪造问题漏洞

Omron SYSMAC CS/CJ/CP Series and Omron SYSMAC NJ/NX Series are products of Omron Corporation, Japan.Omron SYSMAC CS/CJ/CP Series is a series of programmable controllers.Omron SYSMAC NJ/NX Series is a series of machine automation controllers. Omron SYSMAC NJ/NX Series is a series of machine...

The vulnerability of microprogrammed software for PACsystems programmable logic controllers, related to data transmission between the browser and the PLC using the HTTP protocol, allows a intruder to gain unauthorized access to protected information.

The vulnerability of PACsystems programmable logic controllers’ microprogramming software is related to the transmission of data between the browser and the PLC using the HTTP protocol. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ/CP Series and NJ/NX Series Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Plaintext Storage of a Password...

Critical Security Flaws Identified in CODESYS ICS Automation Software

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service DoS condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause...

Secheron SEPCOS Control and Protection Relay 安全漏洞

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...

PT-2022-3083 · Honeywell · Honeywell Controledge

Name of the Vulnerable Software and Affected Versions: Honeywell ControlEdge versions through R151.1 Description: The issue is related to the use of hard-coded credentials in the Honeywell ControlEdge programmable logic controllers. This could allow a remote attacker to gain elevated privileges...