XINJE XD5E和XINJE XL5E 安全漏洞

XINJE XD5E and XINJE XL5E are both products of China XINJE Corporation.XINJE XD5E is a PLC.XINJE XL5E is a PLC. A security vulnerability exists in the XINJE XD5E and XINJE XL5E version 3.5.3b that originates from a vulnerability that allows an attacker to cause a denial of service via a specially...

The vulnerability of microprogrammed software in Mitsubishi Electric’s M800V/M80V Series, M800/M80/E80 Series, C80 Series, and M700V/M70V/E70V Series programmable logic controllers is related to incorrect input of configuration data. This vulnerability allows a malicious actor to cause malfunctions during maintenance operations.

The vulnerability of microprogrammed software in Mitsubishi Electric’s M800V/M80V Series, M800/M80/E80 Series, C80 Series, M700V/M70V/E70 Series programmable logic controllers is related to incorrect input of configuration data. Exploiting this vulnerability can allow an attacker, operating...

The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software, which stems from the use of weak encryption algorithms, allows a hacker to expose user account information.

The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the use of weak encryption algorithms. Exploiting this vulnerability could allow an intruder to obtain user credentials...

JTEKT Kostac PLC Programming Software 安全漏洞

JTEKT Kostac PLC Programming Software is a PLC programmer software for personal computers from JTEKT Japan. A security vulnerability exists in JTEKT Kostac PLC Programming Software version 1.6.14.0 and earlier versions, which originates from allowing out-of-bounds writes to memory...

PT-2024-30295 · Automationdirect · Directlogic H2-Dm1E +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a session hijacking attack targeting the application layer's control mechanism. This mechanism manages authenticated sessions between...

CODESYS OSCAT Basic Library 缓冲区错误漏洞

CODESYS OSCAT Basic Library is an open source library from CODESYS Corporation, known as the Open Source Community for Automation Technology. A buffer error vulnerability exists in CODESYS OSCAT Basic Library versions prior to 3.3.5, which stems from the presence of an out-of-bounds read...

PT-2024-37920 · Unknown · Oscat Basic Library

Name of the Vulnerable Software and Affected Versions: OSCAT Basic Library affected versions not specified Description: The issue is an Out-of-Bounds read vulnerability that allows a local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected...

CVE-2024-41716

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate...

WindLDR and WindO/I-NV4 store sensitive information in cleartext

Overview PLC programming software "WindLDR" and Operator Interfaces' Touchscreen Programming Software "WindO/I-NV4" provided by IDEC Corporation store sensitive information in cleartext form CWE-312. Yuki Meguro of Toinx Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

The vulnerability of microprogrammed logic controllers from Unitronics Vision PLC, related to incorrect handling of exceptional states, allows a intruder to trigger a malfunction in maintenance operations.

The vulnerability of microprogrammed logic controllers from Unitronics Vision PLC lies in the improper handling of exceptional states. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system remotely...

The vulnerability of the access control mechanism in Siemens LOGO programmable logic controllers allows a intruder to execute arbitrary commands.

The vulnerability of the access control mechanism in Siemens LOGO programmable logic controllers is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

The vulnerability of the FTP-server software of the Yokogawa FA-M3 programmable logic controller allows a intruder to trigger a service failure.

The vulnerability of the FTP server software of the Yokogawa FA-M3 programmable logic controller is related to the exhaustion of the connection limits. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Mitsubishi Electric MELSEC iQ-F series Security Vulnerability

The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC iQ-F series that stems from an insufficient resource pool, which can lead to a denial of service...

Delta Electronics WPLSoft Security Vulnerability

Delta Electronics WPLSoft is a software tool for programming Delta Programmable Logic Controllers PLCs from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics WPLSoft that stems from the presence of a buffer overflow vulnerability...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML references to external objects. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

The vulnerability of the programming and debugging tool for PLC applications, MULTIPROG, integrated with the operating system ProConOS/ProConOS eCLR, arises from the loading of code without checking its integrity. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the MULTIPROG programming and debugging tool for PLC applications, integrated with the ProConOS/ProConOS eCLR operating system, lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker to compromise the integrity of the...

Unitronics PLC Trust Management Issue Vulnerabilities

Unitronics PLC is a programmable logic controller with a built-in HMI panel from Unitronics Israel. A trust management issue vulnerability exists in the Unitronics PLC, which arises from the use of a default management password that allows an attacker accessing the PLC or HMI over the network to...

The vulnerability of the monitoring software for PLCCs from Fuji Electric, Tellus Lite V-Simulator, arises from deficiencies in access control. This allows a intruder to execute arbitrary code.

The vulnerability of the monitoring software for PLCCs from Fuji Electric, Tellus Lite V-Simulator, is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder to execute arbitrary code...