CVE-2023-1049

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...

CVE-2022-41645

Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

CVE-2021-20606

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

CVE-2020-16232

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file...

CVE-2020-16223

Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application...

CVE-2020-16243

Multiple buffer overflow vulnerabilities exist when LeviStudioU Version 2019-09-21 and prior processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application...

CVE-2020-16221

Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application...

CVE-2020-25243

A vulnerability has been identified in LOGO! Soft Comfort All versions V8.4. A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an...

CVE-2019-10917

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

CVE-2019-12871

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...

CVE-2019-10916

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

CVE-2025-3916

CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file SSD file provided by the attacker...

Drupal Sportsleague 安全漏洞

Drupal Sportsleague is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Sportsleague that stems from a problem with the project file that affects usability...

CVE-2025-2223

CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system...

CVE-2025-2223

CVE-2025-2223 affects Schneider Electric ConneXium Network Manager. The root cause is improper input validation in the software, enabling a malicious local user to load a crafted project file that can compromise confidentiality, integrity, and availability on engineering workstations. CVSS metric...

CVE-2024-12742

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

CVE-2024-12742 Deserialization of Untrusted Data Vulnerability in NI G Web Development Software

A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3...

CVE-2022-29831

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...