39 matches found
EUVD-2022-35585
Malicious code in bioql PyPI...
CVE-2025-1384
CVE-2025-1384 affects Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio Software. The issue is a Least Privilege Violation (CWE-272) in the communications function between these products, allowing a remote attacker to gain unauthorized access and potentially execute arbitrary co...
CVE-2024-12083
Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products...
CVE-2024-12083 Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers
Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products...
CVE-2024-3493
A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) in Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the...
9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products
Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). "The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation," Nozomi Networks said in ...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01: Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
Schneider Electric C-Bus Home Automation Security Vulnerability
Schneider Electric C-Bus Home Automation is a series of bus-based home automation systems from the French company Schneider Electric. A security vulnerability exists in several Schneider Electric C-Bus product models, which stems from an under-restricted weak password requirement that allows an...
Rockwell Automation controllers denial of service vulnerability (CNVD-2025-04522)
Rockwell Automation controllers are a series of controllers from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation controllers, which stems from the controllers' mishandling of incorrectly formatted CIP requests, and can be exploited by an attacker to cause a maj...
CVE-2022-3752 Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user wou...
Rockwell Automation controllers Input Validation Error Vulnerability
Rockwell Automation controllers are a series of controllers from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation controllers, which stems from the controllers' mishandling of incorrectly formatted CIP requests, and can be exploited by an attacker to cause a maj...
3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of...
Multiple vulnerabilities in OMRON products
Overview: Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function. The vulnerabilities are as follows. Use of Hard-coded Credentials (CWE-798) ...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY: CVSS v3 8.3; ATTENTION: Exploitable remotely, public exploits are available; Vendor: Omron; Equipment: NJ/NX-series Machine Automation Controllers; Vulnerability: Active Debug Code. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to obtain...
Siemens APOGEE PXC / TALON TC Authentication Bypass
    #!/usr/bin/env python3
    # -*- coding: utf-8 -*-
    # 2022-05-23
    # Standard Modules
    from metasploit import module
    # Extra Dependencies
    dependencies_missing = False
    try:
        import logging
        import requests
        import requests
        import xmltodict
        import xml.etree.ElementTree as ET
        import socket
        import struct
        import requests...
Siemens APOGEE PXC / TALON TC Authentication Bypass Exploit
APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or...
CVE-2022-30312
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller...
Default credentials
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller...
CVE-2022-30312
The CVE-2022-30312 issue affects Trend Controls IC protocol (Inter-Controller, 57612/UDP) and Honeywell Trend IQ Series controllers. A 4‑digit authentication PIN and optional credentials (0–30 chars) are transmitted in CLEARTEXT, enabling an attacker with local access to obtain credentials and po...