48 matches found
CVE-2025-6072
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field.Thi...
CVE-2025-6073
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer...
CVE-2025-6072
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field.Thi...
CVE-2025-6072 Stack Buffer Overflow in MQTTCore
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field.Thi...
CVE-2025-6073 Stack Buffer Overflow in MQTTCore
Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer...
CVE-2025-6073
CVE-2025-6073 is a stack-based buffer overflow in ABB RMC-100 and RMC-100 LITE caused by REST interface exposure. It affects RMC-100 builds 2105457-043 to 2105457-045 and RMC-100 LITE builds 2106229-015 to 2106229-016. The issue is tied to CVE-2025-6074, which describes a related hard-coded key v...
PT-2025-27817 · Abb · Abb Rmc-100 +1
Name of the Vulnerable Software and Affected Versions: ABB RMC-100 versions 2105457-043 through 2105457-045 ABB RMC-100 LITE versions 2106229-015 through 2106229-016 Description: A Stack-based Buffer Overflow issue exists when the REST interface is enabled and an attacker gains access to the...
FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma aka LummaC or LummaC2, seizing 2,300 domains that acted as the command-and-control C2...
Hitachi Energy TRMTracker
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities that affect the TRMTracker product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality and integrity impacts. Please refer to the Recommended Immediate Actions for...
CVE-2025-24996
CVE-2025-24996 : Affects Windows NTLM. External control of a file name or path enables an unauthorized network spoofing scenario, potentially allowing impersonation over a network. CVSSv3.1 base 6.5 (Network attack, low complexity, no privileges required, user interaction required; CIA: high conf...
Hitachi Energy PCU400
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities if exploited, can cause confidentiality...
Hitachi Energy's RTU500 series Unrestricted Upload of File with Dangerous Type (CVE-2024-1532)
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. This plugin only works wit...
Hitachi Energy MACH SCM (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION : Exploitable remotely Vendor : Hitachi Energy Equipment : MACH SCM Vulnerabilities : Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of...
Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2023-4518 that affects the Relion 670/650/SAM600-IO series that are listed below. An attacker successfully exploiting this vulnerability could cause operational disruptions of the devices. For immediate mitigation/workaround information,...
Hitachi Energy RTU500 series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of...
CVE-2023-28810
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network...
Toyota RAV4 注入漏洞
The Toyota RAV4 is a utility crossover vehicle from Toyota Japan. A security vulnerability exists in Toyota RAV4 2021. An attacker exploits the vulnerability to drive the vehicle by accessing the access control CAN bus after pulling the bumper and reaching the headlight connector...
ABB Relion 650 and 670 Series Improper Input Validation (CVE-2019-18247)
An attacker may use a specially crafted message to force Relion 650 series versions 1.3.0.5 and prior or Relion 670 series versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior to reboot, which could cause a denial of service. This plugin only works with Tenable.ot. Please visit...
Hitachi Energy Relion 670/650/SAM600-IO
1. EXECUTIVE SUMMARY CVSS v3 8.1 Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could hijack existing TCP sessions to inject packets of their choosing or cause...
Johnsoncontrols Metasys Improper Restriction of XML External Entity Reference
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...