CVE-2018-19004

LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration...

CVE-2018-19015

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor Versions 3.42 and prior through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application...

CVE-2018-19011

CX-Supervisor Versions 3.42 and prior can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application...

CVE-2018-19013

An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor Versions 3.42 and prior through a specially crafted project file...

CVE-2018-19011

CX-Supervisor Versions 3.42 and prior can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application...

Omron CX-Supervisor Command Injection Vulnerability (NVD-C-2019-12033)

Omron CX-Supervisor is a powerful and advanced machine visualization software package that provides a very flexible PC-based HMI environment. A command injection vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions, which can be exploited by an attacker to inject commands via a...

Omron CX-Supervisor Reuse After Release Vulnerability

Omron CX-Supervisor is a powerful and advanced machine visualization software package that provides a very flexible PC-based HMI environment. A post-release reuse vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions, which stems from an application failing to check if a project...

Omron CX-Supervisor Code Injection Vulnerability

Omron CX-Supervisor is a powerful and advanced machine visualization software package that provides a very flexible PC-based HMI environment. A code injection vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions, which can be exploited by an attacker to inject code into a project...

Omron CX-Supervisor Command Injection Vulnerability

Omron CX-Supervisor is a powerful and advanced machine visualization software package that provides a very flexible PC-based HMI environment. A command injection vulnerability exists in Omron CX-Supervisor 3.42 and earlier versions, which can be exploited by an attacker to inject commands via a...

Unspecified vulnerability in LCDS LAquis SCADA (CNVD-2019-28114)

LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3870. The...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

Directory traversal

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

CVE-2018-13811

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal All Versions V15.1. Password hashes with insufficient computational effort could allow an attacker to access to a project file and reconstruct passwords. The vulnerability could be exploited by an attacker with local access to the...

Omron CX-One Memory Misreference Vulnerability

Omron CX-One is an integrated toolkit from Omron, which includes software for networking, PT, inverters, temperature controllers, and PLC programming, etc. CX-Programmer is a PLC programming software, and CX-Server is a driver management tool. A memory misreference vulnerability exists in Omron...

Omron CX-One Buffer Overflow Vulnerability

Omron CX-One is an integrated toolkit from Omron, which includes software for networking, PT, inverters, temperature controllers, and PLC programming, etc. CX-Programmer is a PLC programming software, and CX-Server is a driver management tool. A buffer overflow vulnerability exists in Omron CX-On...

CVE-2018-18989

In CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior, when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code unde...

CVE-2018-18989

In CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior, when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code unde...

CyberLink LabelPrint 2.5 Stack Buffer Overflow

This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the...

CVE-2018-17909

When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application...