CVE-2026-10057 ITP Technology｜ITS Intelligent SCADA System - Stored Cross-Site Scripting

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

EUVD-2026-33267

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...

PT-2025-48405

opening the vault on a 3-year-old vulnerability: CVE-2022-35420 back in 2022, I got bored and decided to hunt for a zero-day instead of writing the red-team report. I found an unauthenticated admin takeover in a SCADA system used to control real-world physical machinery. I waited until now to...

EUVD-2025-25186

Malicious code in bioql PyPI...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from mishandling of the floor plan feature and could result in uploading a specially crafted file...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a lack of input validation for MGW service API calls, which could cause the application...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from client-side hash authentication and could lead to authentication via password hashing...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from a hidden API call that could result in enabling remote access to the underlying operating...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01 that stems from a predictable default user ONEDAY password...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland Corporation. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from an improper root password generation mechanism that could lead to the generation of a...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from an improper call to the RCI service API and could lead to obtaining username and password...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from improper handling of the floor plan feature and could lead to a stored cross-site scripting...

Copeland E3 Supervisory Control 安全漏洞

Copeland E3 Supervisory Control is an industrial equipment control system from Copeland, USA. A security vulnerability exists in Copeland E3 Supervisory Control versions prior to 2.31F01, which stems from an unsigned firmware upgrade package that could lead to the installation of malicious firmwa...

Triangle MicroWorks SCADA Data Gateway 安全漏洞

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A security vulnerability exists in Triangle MicroWorks SCADA Data Gateway that originates from a specific flaw in workspace files that allows remote attackers to create arbitrary files...

Multiple Siemens Products Null Pointer Dereference Vulnerability (CNVD-2024-09314)

SIMATIC PCS 7 is a centralized control system DCS that integrates components such as SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7, etc. SIMATIC WinCC is a Supervisory Control and Data Acquisition SCADA system.SIMATIC WinCC Runtime Professional is a visual runtime platform for...

Triangle MicroWorks SCADA Data Gateway File Upload Vulnerability

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product developed by Triangle MicroWorks, Inc. and is mainly used for data acquisition and monitoring in industrial automation control systems. A file upload vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which stems...

PT-2023-4359 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is...

Feds: APTs Have Tools That Can Take Over Critical Infrastructure

Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system ICS devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...

PT-2022-6556 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existin...