1958 matches found
EUVD-2025-84343
A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...
EUVD-2025-84342
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...
CVE-2025-11697
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...
CVE-2025-11696
A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...
CVE-2025-11697
The CVE-2025-11697 entry describes a local code-execution vulnerability in Rockwell Automation’s Studio 5000 Simulation Interface exposed via the API. The issue allows a Windows user on the system to perform path-traversal file access, leading to execution of scripts with Administrator privileges...
CVE-2025-11696 Studio 5000 ® Simulation Interface SSRF
A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...
CVE-2025-11696 Studio 5000 ® Simulation Interface SSRF
A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...
CVE-2025-11696
CVE-2025-11696 affects Rockwell Automation Studio 5000 Simulation Interface via the API. Connected sources confirm two local vulnerabilities: (1) a local SSRF that lets any Windows user trigger outbound SMB requests to capture NTLM hashes, and (2) a local code execution issue (via path traversal)...
PT-2025-46344
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...
PT-2025-46339
A local server-side request forgery SSRF security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes...
Rockwell Automation Studio 5000 Simulation Interface 安全漏洞
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...
Rockwell Automation Studio 5000 Simulation Interface 安全漏洞
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...
EUVD-2025-37063
Malicious code in mms-simulation npm...
Malicious code in mms-simulation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b05f92c3ffc5ed97302ac873fd40030318d8d2d89d267c615a2b1309d5fd047b The package mms-simulation was found to contain malicious code...
MAL-2025-49230 Malicious code in mms-simulation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b05f92c3ffc5ed97302ac873fd40030318d8d2d89d267c615a2b1309d5fd047b The package mms-simulation was found to contain malicious code...
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn't fail at the point of breach. It fails at the point of impact. That line set the tone for this year's Picus Breach and Simulation BAS Summit , where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When...
[SECURITY] Fedora 42 Update: qt6-qt3d-6.9.3-1.fc42
Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications...
A Comprehensive Evaluation and Practice of System Penetration Testing
With the rapid advancement of information technology, the complexity of applications continues to increase, and the cybersecurity challenges we face are also escalating. This paper aims to investigate the methods and practices of system security penetration testing, exploring how to enhance syste...
Secure Control of Connected and Autonomous Electrified Vehicles under Adversarial Cyber-Attacks
Connected and Autonomous Electrified Vehicles CAEV is the solution to the future smart mobility having benefits of efficient traffic flow and cleaner environmental impact. Although CAEV has advantages they are still susceptible to adversarial cyber attacks due to their autonomous electric operati...