The vulnerability of Siemens SIMATIC product software lies in insufficient validation of input data, allowing attackers to execute arbitrary system commands.

The vulnerability of Siemens SIMATIC software products is related to insufficient validation of input data. Exploiting this vulnerability could allow an intruder with access to project files to execute arbitrary system commands with database privileges...

CVE-2019-10916

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

CVE-2019-10917

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC TI...

Stack Overflow Vulnerability in WinProladder pdw Project File at Yonghong

Ltd. is a company founded by a group of engineers engaged in PLC design and development. A stack overflow vulnerability exists in the Yonghong WinProladder pdw project file, which can be exploited by attackers to execute malicious code...

Memory corruption vulnerability in Yonghong FD300 fpj project file

YHM Taiwan specializes in the highly functional small, medium and micro PLC market segments. A memory corruption vulnerability exists in the Yonghong FD300 fpj project file, which allows an attacker to trick a user into opening a malicious fpj file, executing malicious code, and ultimately gainin...

Memory Corruption Vulnerability in SKTOOL

SKTOOL is a configuration software produced by Shenzhen Xianzhong Technology Co. SKTOOL has a memory corruption vulnerability in the handling of skm project files, which can be exploited by attackers to gain control of a user's system or crash the program...

Memory Corruption Vulnerability in LSIS Configuration Software

LSIS configuration software is a configuration software of LeStar Industrial Electronics Wuxi Co. A memory corruption vulnerability exists in the mce project file handling of LSIS configuration software, which can be exploited by attackers to execute malicious code...

Stack Overflow Vulnerability in delta ScreenEditor dop Project File

Delta Electronics Group is a provider of total solutions for power management, video displays, industrial automation, automotive electronics, network communication products and renewable energy related products. A stack overflow vulnerability exists in the delta ScreenEditor dop project file, whi...

Memory Corruption Vulnerability in Huichuan HTodEditor htd Project File

Shenzhen Huichuan Technology Co., Ltd. is a company mainly engaged in the research and development, production and sales of industrial automation control products, positioned to serve the middle and high-end equipment manufacturers. A memory corruption vulnerability exists in the Huichuan...

Memory Corruption Vulnerability in dp2 Project File of Xinjie OP20 Screen Setting Tool

Wuxi Xinjie Electric Co., Ltd. is a well-known domestic enterprise focusing on the research, development and application of industrial automation products. A memory corruption vulnerability exists in the dp2 project file of the Xinjie OP20 screen setup tool, which can be exploited by attackers to...

Memory Corruption Vulnerability in Kovac HMIStudio hs Project File

Huangshi Kewei Automatic Control Co., Ltd. is a company mainly engaged in microelectronic products, automation instrumentation development and application and related engineering supporting services and other projects. A memory corruption vulnerability exists in the Kewe HMIStudio hs project file...

CVE-2019-6556

When processing project files, the application Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the...

Buffer overflow vulnerability in SGO South satellite navigation platform software

Guangzhou Nanfang Satellite Navigation Instrument Co., Ltd. is subordinate to Nanfang Surveying and Mapping Group, and is the first national high-tech enterprise in China that has passed through the high-precision GNSS technology industry chain and realized large-scale and market-oriented...

Denial of Service Vulnerability in CDMonitor Software

CDMonitor is a GNSS system software developed by Sinan Navigation based on the Global Positioning System GPS and utilizing modern communication technology, which has the functions of real-time and quasi-real-time GNSS raw data analysis, processing, independent ring network leveling and data...

CVE-2019-6537

Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An...

CVE-2018-19020

When CX-Supervisor Versions 3.42 and prior processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array...

Type confusion

An access of uninitialized pointer vulnerability in CX-Supervisor Versions 3.42 and prior could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application...

CVE-2018-7817

A Use After Free CWE-416 vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file...

CVE-2018-19002

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash...