CVE-2023-22424

Use-after-free vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a speciall...

CVE-2023-22421

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may...

CVE-2023-22424

Use-after-free vulnerability exists in Kostac PLC Programming Software Former name: Koyo PLC Programming Software Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a speciall...

CVE-2023-22421

CVE-2023-22421 affects Kostac PLC Programming Software (formerly Koyo PLC Programming Software) by JTEKT Electronics. The flaw is an out-of-bounds read caused by an insufficient buffer size for PLC program instructions, triggered when opening a specially crafted project file. The impact is inform...

CVE-2023-22424

CVE-2023-22424 affects Kostac PLC Programming Software (formerly Koyo PLC Programming Software) by a Use-After-Free vulnerability when the maximum number of columns for the PLC program is mis-handled. The issue occurs in versions 1.6.9.0 and earlier and can lead to information disclosure and/or a...

CVE-2023-22419

Kostac PLC Programming Software (JTEKT Kostac) versions 1.6.9.0 and earlier are affected by CVE-2023-22419. The issue is an out-of-bounds read occurring while processing a comment block in stage information, due to end-of-data verification failure. This can lead to information disclosure and/or a...

Siemens LOGO! 8 BM Input Validation Error Vulnerability (CNVD-2022-89766)

A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for industrial environments for the Windows platform from Siemens, Germany, which stems from the fact that certain authentication is not performed when interacting with them. An unauthenticated remote attacker could...

Siemens LOGO! 8 BM buffer overflow vulnerability (CNVD-2022-89767)

Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. Siemens LOGO! 8 BM suffers from a buffer overflow vulnerability that stems from an inability to properly validate the structure of a TCP packet through a variety of methods. An...

Siemens LOGO! 8 BM input validation error vulnerability

A security vulnerability exists in Siemens LOGO! 8 BM, a programming software for the Windows platform used in industrial environments from Siemens, Germany. The vulnerability stems from the inability to properly validate offset values defined in TCP packets when calling methods. An attacker coul...

Horner Automation Cscape Csfont Out-of-Bounds Reading Vulnerability

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds read vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2022-25230

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325...

Horner Automation Cscape EnvisionRV Input Validation Error Vulnerability

Horner Automation Cscape EnvisionRV is a programming software for industrial control system development from Horner Automation, U.S. An input validation error vulnerability exists in Horner Automation Cscape EnvisionRV, which could be exploited by an attacker to execute arbitrary code in the...

WECON LeviStudioU

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: WECON Equipment: LeviStudioU Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution. 3. TECHNICAL...

The vulnerability of the FATEK WinProladder controller programming software lies in the ability to write beyond the buffer memory boundaries, allowing a hacker to execute arbitrary code.

The vulnerability of the FATEK WinProladder controller programming software lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

DOPSoft Stack Buffer Overflow Vulnerability

DOPSoft is a Human Machine Interface HMI programming software from Delta Electronics. A stack buffer overflow vulnerability exists in DOPSoft 4.00.11 and earlier versions. The vulnerability can be exploited by an attacker to execute arbitrary code via a specially crafted project file...

Schneider Electric homeLYnk and spaceLYnk Unauthorized Access Vulnerability

Schneider Electric homeLYnk and spaceLYnk are both automation programming software for different logic controllers from Schneider Electric, France. An unauthorized access vulnerability exists in Schneider Electric homeLYnk and spaceLYnk, which arises from the presence of a broken or dangerous...

The software for programming FATEK WinProladder is vulnerable due to a countable loss of significance, allowing an attacker to execute arbitrary code.

The vulnerability of the FATEK WinProladder controller programming software arises from a countable loss of significance. Exploiting this vulnerability allows an attacker to execute arbitrary code...

Binary Vulnerability in Kinco Builder

Kinco Builder is a PLC programming software for KS101M-04DX K209M-56DT HP070-33DT devices. A binary vulnerability exists in Kinco Builder, which can be exploited by attackers to cause a denial of service...

Denial of Service Vulnerability in Schneider Control Expert

Control Expert is a suite of programming software for Schneider Electric logic controller products. A denial of service vulnerability exists in Schneider Control Expert. An attacker could exploit this vulnerability to cause a denial of service...