268 matches found
CVE-2021-22711
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
Design/Logic Flaw
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
CVE-2021-22709
The CVE-2021-22709 entry affects Schneider Electric IGSS Definition (Def.exe) up to version 15.0.0.21041. The root cause is a CWE-119 buffer handling issue in parsing CGF configuration files, allowing loss of data or remote code execution when a malicious CGF is imported. Affected product: IGSS D...
CVE-2021-22712
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
Schneider Electric Interactive Graphical SCADA System 缓冲区错误漏洞
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. A buffer overflow vulnerability exists in Interactive Graphical SCADA System IGSS Definition...
Florida Water Plant Hack: Leaked Credentials Found in Breach Database
Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials. Meanwhile, they als...
Compromise of U.S. Water Treatment Facility
Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition SCADA system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also...
Poor Password Security Led to Recent Water Treatment Facility Hack
New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach involved an unsuccessful attempt on the part of an adversary to...
Compromise of U.S. Water Treatment Facility
In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition SCADA system at a U.S. drinking water treatment facility, CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the Multi-State...
Schneider Electric Interactive Graphical SCADA System Out-of-Bounds Write Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. An out-of-bounds write vulnerability exists in Interactive Graphical SCADA System version...
Arbitrary File Download Vulnerability in Haiwell SCADA
Haiwei Cloud Configuration Software is an industrial automation monitoring and management platform software developed by Xiamen Haiwei Technology Co. An arbitrary file download vulnerability exists in Haiwell SCADA, which can be exploited by attackers to obtain sensitive information about the...
Siemens SIMOCODE Pro V EIP Detection (SCADA)
Binary data 700525.prm...
CVE-2018-19004
LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration...
SEIG SCADA System 9 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Vendor Homepage: https://www.schneider-electric.com Software Link:...
SEIG SCADA System 9 Remote Code Execution
Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://www.schneider-electric.ie/en/download/document/V9Fullinstallationpackageregisterandreceivefile/ Version: v9 Tested on: Windows7 x...
Honeywell Scada System - Information Disclosure Vulnerability
Exploit for linux platform in category web applications Exploit Title: Honeywell Scada System - Information Disclosure Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the...
Honeywell Scada System Information Disclosure
Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...
Honeywell Scada System - Information Disclosure
Honeywell Scada System - Information Disclosure Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written...
Honeywell Scada System - Information Disclosure
Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...
Rockwell Scada System 27.011 - Cross-Site Scripting
Rockwell Scada System 27.011 - Cross-Site Scripting Exploit Title: Rockwell Scada System - Cross-Site Scripting Date: 2018-05-16 Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link:...