2883 matches found

0day.today
added 2025/02/09 12:0 a.m., 141 views

ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability

ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...

7.3 AI score
Exploits 0
RedhatCVE
added 2025/02/06 4:48 a.m., 11 views

CVE-2021-37204

A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...

7.5 CVSS, 6.7 AI score, 0.02147 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 4:31 p.m., 7 views

CVE-2020-16231

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life...

8.8 CVSS, 7 AI score, 0.00784 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 7:39 a.m., 16 views

CVE-2024-23981

Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access...

9.3 CVSS, 7 AI score, 0.00183 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/05 5:32 a.m., 10 views

CVE-2024-1480

Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication...

7.5 CVSS, 7 AI score, 0.00503 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/05 1:10 a.m., 7 views

CVE-2024-20303

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker...

7.4 CVSS, 6.9 AI score, 0.00322 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/02/04 10:36 p.m., 5 views

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

7.7 CVSS, 6.7 AI score, 0.00483 EPSS
Exploits 0, References 1
0day.today
added 2025/02/03 12:0 a.m., 159 views

ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...

10 CVSS, 10 AI score, 0.04328 EPSS
Exploits 18
0day.today
added 2025/02/03 12:0 a.m., 184 views

ABB Cylon FLXeon 9.3.4 timeConfig.js Authenticated Root Remote Code Execution Exploit

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/timeConfig endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN, and multiple timeDate fields. The vulnerability...

10 CVSS, 9.7 AI score, 0.04328 EPSS
Exploits 18
Packet Storm
added 2025/02/03 12:0 a.m., 297 views

ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution

ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...

10 CVSS, 9.9 AI score, 0.04328 EPSS
Exploits 18
Zero Science Lab
added 2025/02/02 12:0 a.m., 341 views

ABB Cylon FLXeon 9.3.4 (timeConfig.js) Authenticated Root Remote Code Execution

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

10 CVSS, 7.9 AI score, 0.04328 EPSS
Exploits 18
Zero Science Lab
added 2025/01/31 12:0 a.m., 504 views

ABB Cylon FLXeon 9.3.4 (login.js) Unauthenticated Root Remote Code Execution

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

10 CVSS, 7.9 AI score, 0.04328 EPSS
Exploits 18
CNNVD
added 2025/01/29 12:0 a.m., 4 views

ABB FLXeon Security Vulnerability

The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon suffers from a security bypass vulnerability that stems from insufficient session management to prevent unauthorized HTTPS requests. No detailed vulnerability details are provided at this time...

9.4 CVSS, 6.7 AI score, 0.00884 EPSS
Exploits 4, References 2
CNNVD
added 2025/01/29 12:0 a.m., 4 views

ABB FLXeon Log Information Disclosure Vulnerability

The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon version 9.3.4 and prior versions suffer from a log information disclosure vulnerability that stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to obtain sensiti...

9.4 CVSS, 6.1 AI score, 0.02353 EPSS
Exploits 7, References 2
CNNVD
added 2025/01/28 12:0 a.m., 8 views

Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380 Security Vulnerability

The Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380 are both programmable logic controllers from Rockwell Automation. A security vulnerability exists in the Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380. An attacker could exploit this...

7.1 CVSS, 6.5 AI score, 0.00451 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/01/27 7:21 a.m., 15 views

CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

5.5 CVSS, 6.8 AI score, 0.00197 EPSS
Exploits 0, References 4
SUSE CVE
added 2025/01/22 3:48 a.m., 2 views

SUSE CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

5.5 CVSS, 7.7 AI score, 0.00197 EPSS
Exploits 0, References 14
NVD
added 2025/01/21 1:15 p.m., 14 views

CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

5.5 CVSS, 0.00197 EPSS
Exploits 0, References 3
OSV
added 2025/01/21 1:15 p.m., 4 views

UBUNTU-CVE-2025-21663

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

5.5 CVSS, 6.2 AI score, 0.00197 EPSS
Exploits 0, References 22
OSV
added 2025/01/21 12:18 p.m., 20 views

CVE-2025-21663 net: stmmac: dwmac-tegra: Read iommu stream id from device tree

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree. Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID) to be written to the MGBE_WRAP_AXI_ASID0_CTRL register. The current driver is hard coded to use MGBE0's...

5.5 CVSS, 6.1 AI score, 0.00197 EPSS
Exploits 0, References 6