Lucene search
K

268 matches found

CNNVD
CNNVD
added 2024/05/03 12:0 a.m.6 views

Inductive Automation Ignition 安全漏洞

Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface, and more. A security vulnerability exists in Inductive Automation Ignition that stem...

8.8CVSS9.1AI score0.55177EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/31 12:0 a.m.6 views

The vulnerability of the EisBaer SCADA system, which stems from the use of a strictly encrypted cryptographic key, allows attackers to gain unauthorized access to protected information.

The vulnerability of the EisBaer SCADA system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

7.1CVSS7.7AI score0.00425EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/13 12:0 a.m.8 views

The vulnerability of the IGSSupdateservice.exe executable of the interactive graphical SCADA system, which allows a intruder to execute arbitrary code.

The vulnerability of the IGSSupdateservice.exe executable of the Interactive Graphical SCADA System IGSS update service is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading the malicious update file...

7.8CVSS7.7AI score0.00173EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2023/08/31 6:0 a.m.59 views

ARDEREG Sistemas SCADA

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: ARDEREG ​Equipment: Sistemas SCADA ​Vulnerability: SQL Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract...

9.8CVSS10AI score0.00576EPSS
Exploits0References10
CNVD
CNVD
added 2023/05/04 12:0 a.m.13 views

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2023-38197)

mySCADA myPRO is a software application. myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO 8.26.0 and earlier versions, which can be exploited by an...

8.8CVSS7.6AI score0.00746EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/07 12:0 a.m.6 views

TEL-STER TelWin SCADA WebInterface 路径遍历漏洞

TEL-STER TelWin SCADA WebInterface is a data acquisition and monitoring control system from TEL-STER Poland. A security vulnerability exists in TEL-STER TelWin SCADA WebInterface that originates from the ability to use external input to construct paths to files and directories without correctly...

7.5CVSS7.4AI score0.00793EPSS
Exploits0References5
ICS
ICS
added 2023/04/03 7:38 p.m.50 views

Schneider Electric IGSS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of...

8.8CVSS8.1AI score0.06482EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.6 views

The vulnerability of the Custom Reports component of the SCADA system’s data server, as well as the monitoring tools of the Custom Reports and IGSS Dashboards, allows a perpetrator to execute arbitrary code.

The vulnerability of the Custom Reports component of the SCADA system’s data server and the Custom Reports and IGSS Dashboard monitoring tools exists due to insufficient verification of input data. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code using a specially...

7.8CVSS7.8AI score0.00609EPSS
Exploits0References5Affected Software3
CNVD
CNVD
added 2023/03/23 12:0 a.m.27 views

Schneider Electric IGSS Data Server Access Control Error Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which stems from a lack of authentication of key functional identities and could be...

5.7AI score0.00437EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2023/03/20 12:0 a.m.34 views

Schneider Electric IGSS Data Server Access Control Error Vulnerability (CNVD-2023-29375)

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to create malicious report files in the IGSS...

8.8AI score0.00881EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2023/03/20 12:0 a.m.20 views

Schneider Electric IGSS Data Server Input Validation Error Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to an input validation error, which could be exploited by an attacker to cause remote code execution...

8.9AI score0.00609EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2023/03/20 12:0 a.m.21 views

Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability (CNVD-2023-29373)

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...

8.5AI score0.00403EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2023/03/20 12:0 a.m.26 views

Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability (CNVD-2023-29371)

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to gain access to delete files in the IGSS project...

7.6AI score0.00243EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2023/03/20 12:0 a.m.29 views

Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which can be exploited by an attacker to cause a denial of service by sending a specific craft...

7.3AI score0.00242EPSS
Exploits0Affected Software3
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.6 views

PT-2023-7551 · Unknown · Trace Mode

Name of the Vulnerable Software and Affected Versions: TRACE MODE affected versions not specified Description: The issue is related to the unencrypted storage of credentials in the SCADA system. Exploitation of this issue could allow an attacker to modify user privileges, potentially granting...

4.9CVSS6.9AI score
Exploits0References1
CNVD
CNVD
added 2023/02/06 12:0 a.m.22 views

Schneider Electric IGSS Data Server Integer Overflow Vulnerability

Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An integer overflow vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to submit special requests that could crash the...

9.5AI score0.02124EPSS
Exploits0Affected Software1
Microsoft Secure
Microsoft Secure
added 2022/10/21 4:0 p.m.60 views

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today. According to South...

10CVSS0.5AI score0.99993EPSS
Exploits7
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/10/21 4:0 p.m.55 views

Securing IoT devices against attacks that target critical infrastructure

South Staffordshire PLC, a company that supplies water to over one million customers in the United Kingdom, notified its customers in August of being a target of a criminal cyberattack. This incident highlights the sophisticated threats that critical industries face today. According to South...

10CVSS0.5AI score0.99993EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2022/07/01 12:0 a.m.6 views

PT-2022-5035 · Hitachi Energy · Hitachi Energy Microscada X Sys600

Name of the Vulnerable Software and Affected Versions: Hitachi Energy MicroSCADA X SYS600 versions 10.2 through 10.3.1 Description: The issue is related to an Improper Input Validation vulnerability in the ICCP stack of Hitachi Energy MicroSCADA X SYS600. This vulnerability can cause a...

7.8CVSS6.6AI score0.00652EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.54 views

Distributed Data Systems WebHmi 操作系统命令注入漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. An operating system command injection...

9.1CVSS8.6AI score0.01122EPSS
Exploits0References4
Rows per page
Query Builder