PT-2022-13861 · Delta Electronics · Cncsoft

Name of the Vulnerable Software and Affected Versions: Delta Electronics CNCSoft versions prior to 1.01.32 Description: The issue arises from improper input sanitization when processing a specific project file, leading to a possible out-of-bounds read condition. This can potentially result in...

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

CVE-2022-21137

Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code...

January 4, 2022, update for Project 2016 (KB4504713)

January 4, 2022, update for Project 2016 KB4504713 This article describes update 4504713 for Microsoft Project 2016 that was released on January 4, 2022.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

CVE-2021-38415

Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code...

CVE-2021-20607

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

CVE-2021-20606

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

CVE-2021-20607

Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

CVE-2021-20606

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

CVE-2021-20606

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

Mitsubishi Electric FA Engineering Software 数字错误漏洞

Mitsubishi Electric FA engineering software is an engineering software from Mitsubishi Electric Japan. It provides improved efficiency in design and debugging, reduced downtime, and data protection. The Mitsubishi Electric FA engineering software suffers from a numeric error vulnerability that...

CVE-2021-42701

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle MiTM attack. This could allow an attacker to obtain credentials and take over the user’s cloud account...

CVE-2021-42701

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle MiTM attack. This could allow an attacker to obtain credentials and take over the user’s cloud account...

CVE-2021-42543

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown...

Code injection

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown...

CVE-2021-42701

CVE-2021-42701 relates to AzeoTech DAQFactory. A crafted project file can trigger a MiTM attempt by connecting to the cloud, potentially exposing credentials and enabling takeover of a user’s cloud account. Affected products: DAQFactory up to all versions 18.1 Build 2347 and earlier. Root cause d...

CVE-2021-42701 AzeoTech DAQFactory

An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle MiTM attack. This could allow an attacker to obtain credentials and take over the user’s cloud account...

CVE-2021-42543

CVE-2021-42543 affects DAQFactory by AzeoTech. The vulnerability arises from Use of Inherently Dangerous Function (CWE-242) in DAQFactory project file handling, allowing a crafted project file to trigger code execution, potentially leading to system reboot or shutdown. Affected products: DAQFacto...

CVE-2021-42543 AzeoTech DAQFactory

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown...

DAQFactory Man-in-the-Middle Attack Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A man-in-the-middle attack vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. The vulnerability can be exploited by an...