PT-2022-4635 · Measuresoft · Measuresoft Scadapro Server

Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server All Versions Description: The issue is related to a use-after-free condition when processing a specific project file, which can allow an attacker to execute arbitrary code remotely. This is associated with the...

Measuresoft ScadaPro Server and Client 安全漏洞

Measuresoft ScadaPro Server and Client is a powerful real-time data acquisition software package from Measuresoft Ireland. It provides monitoring, data logging, simulation development and report generation. A security vulnerability exists in Measuresoft ScadaPro Server and Client, which stems fro...

CVE-2021-22650

An attacker may use TWinSoft and a malicious source project file TPG to extract files on machine executing Ovarro TWinSoft, which could lead to code execution...

PT-2022-9262 · Ovarro · Ovarro Twinsoft

Name of the Vulnerable Software and Affected Versions: Ovarro TWinSoft affected versions not specified Description: An attacker may use TWinSoft and a malicious source project file TPG to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. Recommendations: ...

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

CVE-2022-27579

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the...

CVE-2022-27580

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges ...

CVE-2022-27579

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the...

Safety 代码问题漏洞

Safety is a Python based software package for checking the safety of programs. A security vulnerability exists in Safety Designer 1.11.0 and earlier versions, which stems from a deserialization vulnerability in the .NET Framework classes used and not properly checked, which allows an attacker to...

SICK Flexi Soft Designer 代码问题漏洞

SICK Flexi Soft Designer is a configuration tool from SICK. A security vulnerability exists in SICK Flexi Soft Designer version 1.9.4 SP1 and below, which stems from a deserialization vulnerability in a .NET Framework class that is used and not properly checked, which allows an attacker to create...

Microsoft Office Excel Silent Builder Exploit

0day exploit is a program that injects any executable formatted file .exe into the desired word .xls file. The exe is automatically executed when the project file is opened...

CVE-2022-1797 Rockwell Automation Logix Controllers Uncontrolled Resource Consumption

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownloa...

Delta Electronics CNCSoft 安全漏洞

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, China. A security vulnerability exists in Delta Electronics CNCSoft, which can be exploited by an attacker to cause a stack buffer overflow when processing a specific project file, as the affected produc...

Delta Electronics CNCSoft 缓冲区错误漏洞

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics, China. An out-of-bounds read vulnerability exists in Delta Electronics CNCSoft, which can be exploited by an attacker to cause an out-of-bounds read condition due to the affected product not properly...

CVE-2022-1403

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition...

CVE-2022-1402

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

Design/Logic Flaw

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2022-1403 Delta Electronics ASDA-Soft Out-of-bounds Write

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition...

CVE-2022-1402 Delta Electronics ASDA-Soft Out-of-bounds Read

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition...

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...