CVE-2022-29832

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...

PT-2022-6320 · Mitsubishi · Gx Works3

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z Description: The issue is related to the use of hard-coded passwords in the software, allowing a remote unauthenticated attacker to obtain information about the project...

GHSA-8G2P-5PQH-5JMC .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...

CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1...

Design/Logic Flaw

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1...

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

Design/Logic Flaw

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

Delta Electronics DOPSoft 缓冲区错误漏洞

Delta Electronics DOPSoft is a Human Machine Interface HMI software suite from Delta Electronics Taiwan, China. A buffer error vulnerability exists in Delta Electronics DOPSoft, which arises from the processing of specific project files without properly sanitizing the user input could result in t...

CVE-2022-2894

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file...

CVE-2022-2892

Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...

Double free

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

CVE-2022-2896 Measuresoft ScadaPro Server Use After Free

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

CVE-2022-2894 Measuresoft ScadaPro Server Untrusted Pointer Dereference

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file...

CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...

CVE-2022-1404

Delta Electronics CNCSoft All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2022-1405

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition...

PT-2022-4451 · Fatek · Fvdesigner

Name of the Vulnerable Software and Affected Versions: FATEK FvDesigner versions 1.5.103 and prior Description: The issue is related to an out-of-bounds write in memory while processing project files. This can be exploited by an attacker to achieve arbitrary code execution if a valid user is...

Measuresoft ScadaPro Server and Client 安全漏洞

Measuresoft ScadaPro Server and Client is a powerful real-time data acquisition software package from Measuresoft Ireland. It provides monitoring, data logging, simulation development and report generation. A security vulnerability exists in Measuresoft ScadaPro Server and Client, which stems fro...