37 matches found

RedhatCVE
added 2025/02/21 3:16 p.m. | 7 views

CVE-2024-52902

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system...

CVSS 8.8 | AI score 6.8 | EPSS 0.00109
Exploits: 0 | References: 1

The Hacker News
added 2025/01/13 1:33 p.m. | 14 views

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the...

CVSS 10 | AI score 10 | EPSS 0.94362
Exploits: 5

CVE
added 2024/11/13 4:6 a.m. | 241 views

CVE-2024-8933

CVE-2024-8933 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E controllers. The issue is improper enforcement of message integrity during transmission in a communication channel (CWE-924) and related authentication concerns (CWE-290) that could allow retrieval of a password h...

CVSS 7.5 | AI score 7.2 | EPSS 0.00093
Exploits: 0 | References: 1

Cvelist
added 2024/10/14 8:53 p.m. | 22 views

CVE-2024-6207

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including th...

CVSS 8.7 | EPSS 0.00581
Exploits: 0 | References: 1

0day.today
added 2024/06/02 12:0 a.m. | 158 views

Aquatronica Control System 5.1.6 Password Disclosure Exploit

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords...

AI score 7.5
Exploits: 0

Tenable Nessus
added 2023/01/24 12:0 a.m. | 65 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...

CVSS 9.8 | AI score 6.5 | EPSS 0.01954
Exploits: 0 | References: 39

OSV
added 2022/11/15 8:15 p.m. | 3 views

CVE-2022-45391

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM...

CVSS 7.5 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 2

CVE
added 2022/07/15 11:40 a.m. | 60 views

CVE-2022-30245

CVE-2022-30245 affects Honeywell Alerton Compass Software 1.6.5. The flaw allows unauthenticated configuration changes from remote users, enabling a crafted packet to alter the controller’s configuration. The changed configuration may not be reflected in the User Interface, creating an inconsiste...

CVSS 6.5 | AI score 6.3 | EPSS 0.00125
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2021/05/24 12:0 a.m. | 1 views

Arbitrary File Download Vulnerability in WS5302 of Beijing StarNet Ruijie Network Technology Co.

The WS5302 is a wireless controller. The WS5302 has an arbitrary file download vulnerability that can be exploited by an attacker to download bin files and obtain sensitive information...

AI score 7
Exploits: 0

CVE
added 2020/11/18 1:50 p.m. | 60 views

CVE-2020-7563

CVE-2020-7563 is an Out-of-bounds Write (CWE-787) vulnerability in Schneider Electric’s Modicon Web Server used on M340, Quantum, and Premium legacy products and their communication modules. The issue could allow data corruption, a crash, or code execution when a specially crafted FTP file is upl...

CVSS 8.8 | AI score 8.9 | EPSS 0.00723
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/05/22 9:15 p.m. | 12 views

Information disclosure

An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...

CVSS 5 | AI score 5.2 | EPSS 0.00376
Exploits: 1 | References: 2 | Affected Software: 2

CNVD
added 2020/03/24 12:0 a.m. | 1 views

Injection Vulnerability in Multiple Schneider Electric Products

The Schneider Electric Modicon M580 is a programmable automation controller from Schneider Electric, France. The Schneider Electric Modicon M340 is a medium range PLC programmable logic controller for industrial processes and infrastructure. Schneider Electric Modicon M580 is a programmable...

CVSS 9.8 | AI score 9.4 | EPSS 0.00571
Exploits: 0 | References: 1

Prion
added 2020/03/16 4:15 p.m. | 13 views

Authentication flaw

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior. A remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix...

CVSS 5 | AI score 8.2 | EPSS 0.00177
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2020/03/16 3:38 p.m. | 66 views

CVE-2020-6988

CVE-2020-6988 affects Rockwell Automation MicroLogix 1400 (Series B v21.001 and earlier; Series A) and MicroLogix 1100, plus RSLogix 500 Software v12.001 and earlier. A remote, unauthenticated attacker can trigger a client‑side authentication flaw by sending a request from RSLogix 500 to the Micr...

CVSS 7.5 | AI score 7.7 | EPSS 0.00177
Exploits: 0 | References: 1 | Affected Software: 2

Prion
added 2018/07/11 5:29 p.m. | 10 views

Hardcoded credentials

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...

CVSS 7.5 | AI score 9.4 | EPSS 0.00525
Exploits: 0 | References: 2 | Affected Software: 1

F5 Networks
added 2007/01/16 12:0 a.m. | 254 views

SOL7009 - Statement on ACL bypass using trailing NULL byte - MNIN/NNL Advisory

A January 2007 security advisory describes several security issues present in some versions of FirePass software. One section in the document, titled ACL Filter bypass with URL de-normalization, states that Portal Access ACL filters can be bypassed if a user appends a trailing NULL byte after the...

Exploits: 0

Packet Storm
added 2004/12/12 12:0 a.m. | 35 views

hostingControl.txt

-= Security Advisory =- Advisory Information ------------------------- Software Package : Hosting Controller Vendor Homepage : http://www.hostingcontroller.com Platforms : Windows based servers Vulnerable Versions: All version Tested on: v.6.1 Hotfix 1.4 Vendor Contacted : 12/5/2004 Release Date:...

AI score 7.4
Exploits: 0