840 matches found
CVE-2024-6675
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions...
CVE-2024-2229
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user...
The vulnerability of the SCADAPack RemoteConnect configuration tool lies in flaws in its deserialization mechanism, which allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SCADAPack RemoteConnect configuration tool is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information by loading a malicious...
PearProject SQL Injection Vulnerability
PearProject is a project management system backend interface for vilson individual developers. A security vulnerability exists in PearProject version v2.8.10, which originates from an SQL injection vulnerability via the organizationCode parameter on project.php...
CVE-2024-11139
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file...
Schneider Electric EcoStruxure Power Build Rapsody Buffer Error Vulnerability
Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform from Schneider Electric France. Schneider Electric EcoStruxure Power Build Rapsody suffers from a buffer error vulnerability that stems from improper restriction of operations within the bounds of a memory buffer...
Schneider Electric RemoteConnect and SCADAPack Code Issue Vulnerability
Schneider Electric RemoteConnect and SCADAPack is a single software tool from Schneider Electric, France, for users to monitor, configure, program, and debug SCADAPack Smart RTUs. A code issue vulnerability exists in Schneider Electric RemoteConnect and SCADAPack that stems from the inclusion of ...
PT-2025-1625 · Schneider Electric · Ecostruxure Power Build - Rapsody
Name of the Vulnerable Software and Affected Versions: Schneider Electric EcoStruxure Power Build Rapsody (affected versions not specified). Description: The issue is related to a buffer overflow vulnerability that could allow local attackers to execute arbitrary code when opening a malicious projec...
CVE-2024-12741
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Please note that...
CVE-2024-12741 Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Please note that...
The vulnerability of the OMRON CX-Motion Pro controller management program lies in the improper restriction of references to external XML entities (XXE). This allows attackers to access protected information.
The vulnerability of the OMRON CX-Motion Pro controller management program is related to an improper restriction of references to external XML entities (XXE). Exploiting this vulnerability may allow a perpetrator to access protected information through a specially created project file...
The vulnerability of the Zelio Soft 2 software for intelligent relays, related to incorrect validation of entered data, allows a perpetrator to cause service interruptions.
The vulnerability of the Zelio Soft 2 software for intelligent relays from Zelio Logic relates to incorrect validation of entered data. Exploiting this vulnerability can allow an attacker to cause a service failure by loading a specially created project file...
CVE-2024-8933
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to...
PT-2024-16269 · Unknown · Project Worlds Student Project Allocation System
Name of the Vulnerable Software and Affected Versions: Project Worlds Student Project Allocation System version 1.0. Description: A critical issue has been found in the Project Selection Page component, specifically in the /student/project selection/remove project.php file. The manipulation of the...
CVE-2024-8422
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file...
PT-2024-8102 · Schneider Electric · Zelio Soft 2
Name of the Vulnerable Software and Affected Versions: Zelio Soft 2 (affected versions not specified). Description: The issue is related to improper input validation, which could cause the Zelio Soft 2 application to crash when a specially crafted project file is loaded. This can be exploited by an...
CVE-2024-47136
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a...
CVE-2024-41716
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate...