840 matches found

BDU FSTEC
added 2024/08/28 12:0 a.m. | 1 views

The vulnerability of the SCADA system MasterSCADA, related to deficiencies in password protection mechanisms, allows unauthorized access to the project by intruders.

The vulnerability of the SCADA system MasterSCADA is related to deficiencies in the password protection mechanism of the project file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project by reverting the password hash value...

7.3 CVSS | 5.5 AI score
Exploits 0 | References 1 | Affected Software 1
NVD
added 2024/08/21 6:15 a.m. | 13 views

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

7.8 CVSS | 0.00198 EPSS
Exploits 0 | References 2
Cvelist
added 2024/08/21 5:56 a.m. | 15 views

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

7.8 CVSS | 0.00198 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/08/21 5:56 a.m. | 8 views

CVE-2024-7013

Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...

7.8 CVSS | 8.2 AI score | 0.00198 EPSS
Exploits 0 | References 2
CVE
added 2024/08/21 5:56 a.m. | 37 views

CVE-2024-7013

The CVE-2024-7013 issue affects Panasonic Control FPWIN Pro software, specifically version 7.7.2.0 and earlier. A stack-based buffer overflow in the handling of project files can allow arbitrary code execution when a crafted project file is opened. The vulnerability is tied to FPWIN Pro’s project...

7.8 CVSS | 8.2 AI score | 0.00198 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2024/07/24 12:0 a.m. | 1 views

The vulnerability of the Project File Handler component in the configuration and programming environment of EcoStruxure Foxboro SCADA Fox RTU Station allows a perpetrator to execute arbitrary code.

The vulnerability of the Project File Handler component in the configuration and programming environment of EcoStruxure Foxboro SCADA Fox RTU Station is related to an incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability could allow an attacker to...

7.3 CVSS | 5.8 AI score | 0.04464 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2024/07/22 8:15 p.m. | 6 views

CVE-2024-6675

A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions...

7.8 CVSS | 0.01123 EPSS
Exploits 0 | References 1
CVE
added 2024/07/22 8:1 p.m. | 36 views

CVE-2024-6675

CVE-2024-6675 describes a deserialization of untrusted data vulnerability in NI VeriStand, specifically in the NIVSPRJ/project-file parsing. The underlying flaw is deserializing data from a crafted project file during processing of NIVSPRJ elements, which can lead to remote code execution. Exploi...

7.8 CVSS | 7.8 AI score | 0.01123 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/07/22 8:1 p.m. | 10 views

CVE-2024-6675 Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File

A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions...

7.8 CVSS | 7.6 AI score | 0.01123 EPSS
Exploits 0 | References 1
OSV
added 2024/07/11 9:15 a.m. | 1 views

CVE-2024-2602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor...

7.8 CVSS | 6.3 AI score
Exploits 0 | References 1
Vulnrichment
added 2024/07/11 8:46 a.m. | 18 views

CVE-2024-2602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor...

7.3 CVSS | 7.7 AI score | 0.04464 EPSS
Exploits 0 | References 1
Cvelist
added 2024/07/11 8:46 a.m. | 31 views

CVE-2024-2602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor...

7.3 CVSS | 0.04464 EPSS
Exploits 0 | References 1
CVE
added 2024/07/11 8:46 a.m. | 66 views

CVE-2024-2602

CVE-2024-2602 maps to Schneider Electric EcoStruxure Foxboro SCADA FoxRTU Station, where a Path Traversal flaw in the saved project file handling can enable remote code execution for an authenticated user if the project file has been tampered. Connected sources indicate this affects FoxRTU Statio...

7.8 CVSS | 7.8 AI score | 0.04464 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/05/28 3:11 a.m. | 31 views

CVE-2024-28886

Summary of CVE-2024-28886: An OS command injection vulnerability exists in UTAU versions prior to v0.4.19. When a user opens a crafted UTAU project file (.ust), an arbitrary OS command may be executed. Affected software is UTAU (pre-0.4.19). Root cause is an injection flaw in handling the .ust f...

8.4 CVSS | 7.2 AI score | 0.00338 EPSS
Exploits 0 | References 2
CVE
added 2024/05/10 2:59 p.m. | 24 views

CVE-2024-4044

This CVE describes a deserialization of untrusted data vulnerability in NI FlexLogger and NI InstrumentStudio code paths shared by both applications. The flaw allows remote code execution and requires an attacker to convince a user to open a specially crafted project file (FLXPROJ) to trigger exp...

7.8 CVSS | 7.8 AI score | 0.15096 EPSS
Exploits 0 | References 1
CNNVD
added 2024/05/06 12:0 a.m. | 1 views

CODESYS Development System buffer error vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for use in the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A buffer error vulnerability exists in CODESYS Development System versions prior to V2.3.9.73,...

7.8 CVSS | 7.5 AI score | 0.00093 EPSS
Exploits 0 | References 2
NVD
added 2024/05/01 1:15 p.m. | 10 views

CVE-2024-31412

Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-ALD-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed...

7.8 CVSS | 6.1 AI score | 0.00077 EPSS
Exploits 0 | References 2
Vulnrichment
added 2024/05/01 12:52 p.m. | 14 views

CVE-2024-31412

Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-ALD-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed...

6.1 AI score | 0.00077 EPSS
Exploits 0 | References 2
FreeBSD
added 2024/04/24 12:0 a.m. | 37 views

Gitlab -- vulnerabilities

Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider Path Traversal leads to DoS and Restricted File Read Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search Personal Access Token scopes not honoured by...

8.8 CVSS | 7.2 AI score | 0.1122 EPSS
Exploits 2 | References 1
CVE
added 2024/04/17 7:53 p.m. | 65 views

CVE-2024-0257

CVE-2024-0257 affects RoboDK v5.5.4. The vulnerability is a heap-based buffer overflow encountered while processing a specific project file, leading to memory corruption that may crash the RoboDK application. The CVSS v3.1 base score is 3.3 (Low), with LOCAL attack vector, LOW attack complexity, ...

3.3 CVSS | 7.3 AI score | 0.00053 EPSS
Exploits 0 | References 1