
1572 matches found

NVD
added 2024/08/14 7:15 a.m., 17 views

CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

9.8 CVSS, 0.00943 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/08/14 6:55 a.m., 25 views

CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

9.8 CVSS, 0.00943 EPSS
Exploits: 0, References: 2
CVE
added 2024/08/14 6:30 a.m., 52 views

CVE-2024-7731

The CVE-2024-7731 issue affects the SECOM Dr.ID Access Control System. Affected product: Dr.ID Access Control System from SECOM. Root cause: improper validation of a specific page parameter leads to SQL injection. Impact: unauthenticated remote attackers can read, modify, and delete database cont...

9.8 CVSS, 9.9 AI score, 0.00835 EPSS
Exploits: 0, References: 2, Affected Software: 1
Circl
added 2024/08/13 2:36 p.m., 6 views

CVE-2024-37287

creationtimestamp | type | source
---|---|---
2024-08-13 14:36:34+00:00 | seen | https://t.me/cvedetector/3013
2024-11-14 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-13...

9.1 CVSS, 8.9 AI score, 0.01648 EPSS
Exploits: 0, References: 2
ICS
added 2024/08/13 6:0 a.m., 24 views

Rockwell Automation FactoryTalk View Site Edition (Update A)

1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk View Site Edition
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow...

8.8 CVSS, 7 AI score, 0.01656 EPSS
Exploits: 0, References: 10
ICS
added 2024/08/13 12:0 a.m., 8 views

Siemens NX

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8 CVSS, 7.1 AI score, 0.00182 EPSS
Exploits: 0, References: 10
Positive Technologies
added 2024/08/02 12:0 a.m., 3 views

PT-2024-41366 · Honeywell International · Scada Honeywell Experion Hs

The vulnerability in the Honeywell Experion HS SCADA software is related to an incorrect comparison of parameters. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service and execute arbitrary code...

6.8 CVSS, 7.3 AI score
Exploits: 0, References: 1
CNNVD
added 2024/08/02 12:0 a.m., 4 views

Siemens Omnivise T3000 Security Vulnerability

The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...

8.5 CVSS, 7.9 AI score, 0.00243 EPSS
Exploits: 3, References: 3
ICS
added 2024/08/01 6:0 a.m., 36 views

Johnson Controls exacqVision Server

1. EXECUTIVE SUMMARY
CVSS v3 6.4
ATTENTION: Exploitable remotely
Vendor: Johnson Controls, Inc.
Equipment: exacqVision Server
Vulnerability: Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a...

7.3 CVSS, 6.8 AI score, 0.00128 EPSS
Exploits: 0, References: 10
Circl
added 2024/07/29 9:36 a.m., 2 views

CVE-2024-41015

creationtimestamp | type | source
---|---|---
2024-07-29 09:36:13+00:00 | seen | https://t.me/cvedetector/1820
2025-08-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...

5.5 CVSS, 6.5 AI score, 0.00239 EPSS
Exploits: 0, References: 2
Circl
added 2024/07/29 9:36 a.m., 2 views

CVE-2024-41090

creationtimestamp | type | source
---|---|---
2024-07-29 09:36:08+00:00 | seen | https://t.me/cvedetector/1818
2025-08-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...

7.1 CVSS, 7.3 AI score, 0.00256 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2024/07/24 12:0 a.m., 2 views

The vulnerability of the Project File Handler component in the configuration and programming environment of EcoStruxure Foxboro SCADA Fox RTU Station allows a perpetrator to execute arbitrary code.

The vulnerability of the Project File Handler component in the configuration and programming environment of EcoStruxure Foxboro SCADA Fox RTU Station is related to an incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability could allow an attacker to...

7.3 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 0, References: 3, Affected Software: 1
ICS
added 2024/07/18 6:0 a.m., 24 views

Subnet Solutions PowerSYSTEM Center

1. EXECUTIVE SUMMARY
CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Subnet Solutions Inc.
Equipment: Subnet PowerSYSTEM Center
Vulnerability: Prototype Pollution
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated...

9.8 CVSS, 8.2 AI score, 0.02139 EPSS
Exploits: 2, References: 10
Tenable Nessus
added 2024/07/16 12:0 a.m., 39 views

RHEL 8 : git (RHSA-2024:4579)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4579 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9 CVSS, 7.7 AI score, 0.22529 EPSS
Exploits: 32, References: 6
CNVD
added 2024/07/10 12:0 a.m., 13 views

Siemens SIMATIC STEP 7 (TIA Portal) Deserialization Vulnerability

SIMATIC PCS neo is a distributed control system (DCS). SIMATIC STEP 7 (TIA Portal) is engineering software for configuring and programming SIMATIC controllers. Totally Integrated Automation Portal (TIA Portal) is PC software that offers the complete range of Siemens digital automation services, fr...

8.5 CVSS, 7.6 AI score, 0.00227 EPSS
Exploits: 0, References: 1
ICS
added 2024/07/09 6:0 a.m., 22 views

Johnson Controls Inc. Software House C●CURE 9000 (Update B)

1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Johnson Controls Inc.
Equipment: Software House C●CURE 9000
Vulnerability: Incorrect Default Permissions
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow an...

7.8 CVSS, 6.6 AI score, 0.00148 EPSS
Exploits: 0, References: 10
ICS
added 2024/07/09 6:0 a.m., 16 views

Mitsubishi Electric MELIPC Series MI5122-VW

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Low attack complexity
Vendor: Mitsubishi Electric
Equipment: MI5122-VW
Vulnerability: Incorrect Default Permissions
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose,...

8.8 CVSS, 8.9 AI score, 0.00165 EPSS
Exploits: 0, References: 10
ICS
added 2024/07/09 12:0 a.m., 17 views

Schneider Electric EcoStruxure Foxboro DCS Core Control Services

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6.8 AI score
Exploits: 0, References: 11
BDU FSTEC
added 2024/07/05 12:0 a.m., 4 views

The vulnerability of the mySCADA myPRO industrial process visualization and control system, related to the use of pre-installed account data, allows an intruder to gain access to the system.

The vulnerability of the mySCADA myPRO industrial process visualization and control system is related to the use of pre-set account data. Exploiting this vulnerability can allow a malicious actor to gain access to the system remotely...

10 CVSS, 7.7 AI score, 0.00995 EPSS
Exploits: 0, References: 3, Affected Software: 1
ICS
added 2024/06/27 6:0 a.m., 16 views

Johnson Controls Illustra Essentials Gen 4 (Update A)

1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Johnson Controls, Inc.
Equipment: Illustra Essentials Gen 4
Vulnerability: Storing Passwords in a Recoverable Format
2. RISK EVALUATION
Successful exploitation of this vulnerability may...

6.8 CVSS, 6.8 AI score, 0.00384 EPSS
Exploits: 0, References: 10