
2883 matches found

BDU FSTEC
added 2025/01/21 12:0 a.m. · 6 views

The vulnerability in the firmware of Modicon M580 programmable logic controllers and EVLink Pro AC charging stations is related to incorrect calculation of the size of the allocated buffer. This vulnerability allows an intruder to cause malfunctions in the equipment.

The vulnerability in the firmware of Modicon M580 programmable logic controllers and EVLink Pro AC charging stations is related to incorrect calculation of the size of the allocated buffer. Exploiting this vulnerability allows a malicious actor to cause service...

CVSS 7.8 · AI score 5.7 · EPSS 0.00605
Exploits 0 · References 3 · Affected Software 1
CISA
added 2025/01/16 12:0 p.m. · 16 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

CVSS 10 · AI score 10 · EPSS 0.98545
In wild · Exploits 5 · References 6
CNNVD
added 2025/01/16 12:0 a.m. · 9 views

WAGO 750-8xx security vulnerability

The WAGO 750-8xx is a series of programmable logic controllers from the German company WAGO. The devices are specifically designed for applications in industrial environments where digital algorithms operate electronic systems. A security vulnerability exists in the WAGO 750-8xx that stems...

CVSS 7.5 · AI score 6.7 · EPSS 0.00481
Exploits 0 · References 1
CISA KEV Catalog
added 2025/01/16 12:0 a.m. · 24 views

Aviatrix Controllers OS Command Injection Vulnerability

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for listflightpathdestinationinstances, or srccloudtype for flightpathconnectiontest...

CVSS 10 · AI score 8.1 · EPSS 0.98545
In wild · Exploits 5
Cvelist
added 2025/01/15 12:0 a.m. · 9 views

CVE-2024-50954

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cau...

EPSS 0.0041
Exploits 0 · References 1
Cvelist
added 2025/01/14 1:55 p.m. · 13 views

CVE-2024-11497 Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation

An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access...

CVSS 8.8 · EPSS 0.0037
Exploits 0 · References 1
Vulnrichment
added 2025/01/14 1:55 p.m. · 13 views

CVE-2024-11497 Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation

An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access...

CVSS 8.8 · AI score 7.2 · EPSS 0.0037
Exploits 0 · References 1
CVE
added 2025/01/14 1:55 p.m. · 46 views

CVE-2024-11497

CVE-2024-11497 concerns Phoenix Contact CHARX SEC3xxx charge controllers. Public records in connected sources identify authenticated privilege escalation to root access as the vulnerability outcome. Affected products include CHARX SEC-3000, SEC-3050, and SEC-3100 versions prior to 1.7.0 (per CNNV...

CVSS 8.8 · AI score 8.9 · EPSS 0.0037
Exploits 0 · References 1
NVD
added 2025/01/14 1:15 a.m. · 5 views

CVE-2024-12083

Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products...

CVSS 6.6 · EPSS 0.00637
Exploits 0 · References 2
Vulnrichment
added 2025/01/14 12:46 a.m. · 6 views

CVE-2024-12083 Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers

Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products...

CVSS 6.6 · AI score 7.6 · EPSS 0.00637
Exploits 0 · References 2
CVE
added 2025/01/14 12:46 a.m. · 51 views

CVE-2024-12083

The CVE-2024-12083 issue affects Omron NJ/NX-series Machine Automation Controllers. A path traversal vulnerability (CWE-22) exists in the NJ/NX product line, allowing a remote attacker (with administrative privileges) to access arbitrary files and potentially execute arbitrary code on the control...

CVSS 6.6 · AI score 7 · EPSS 0.00637
Exploits 0 · References 2
Cvelist
added 2025/01/14 12:46 a.m. · 10 views

CVE-2024-12083 Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers

Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products...

CVSS 6.6 · EPSS 0.00637
Exploits 0 · References 2
CNNVD
added 2025/01/13 12:0 a.m. · 5 views

Omron NJ/NX-series Machine Automation Controllers path traversal vulnerability

Omron NJ/NX-series Machine Automation Controllers are a series of controllers from Omron Japan. A path traversal vulnerability exists in Omron NJ/NX-series Machine Automation Controllers, which stems from a path traversal vulnerability that can be exploited by an attacker to gain unauthorized...

CVSS 6.6 · AI score 6.7 · EPSS 0.00637
Exploits 0 · References 2
SUSE CVE
added 2025/01/10 12:59 a.m. · 2 views

SUSE CVE-2024-25133

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod...

CVSS 8.8 · AI score 6.9 · EPSS 0.00474
Exploits 0 · References 4
VulnCheck KEV
added 2025/01/07 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-50603

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for listflightpathdestinationinstances, or srccloudtype for flightpathconnectiontest...

CVSS 10 · AI score 7.5 · EPSS 0.98545
Exploits 5 · References 1
OSV
added 2025/01/06 7:14 p.m. · 13 views

USN-7184-1 linux-aws, linux-kvm vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402) Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in th...

CVSS 7.8 · AI score 6.8 · EPSS 0.00879
Exploits 2 · References 31
Positive Technologies
added 2025/01/01 12:0 a.m. · 4 views

PT-2025-42432

Name of the Vulnerable Software and Affected Versions: Samba versions prior to 4.21.9, 4.21.5, and 4.23.2. Description: A critical flaw exists in Samba, specifically in the handling of WINS hook requests. The vulnerability occurs because NetBIOS names received in WINS registration packets are passed...

CVSS 10 · AI score 7.7 · EPSS 0.39677
Exploits 2 · References 91
OSV
added 2024/12/31 3:15 p.m. · 3 views

CVE-2024-25133

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod...

CVSS 8.8 · AI score 5.9 · EPSS 0.00474
Exploits 0 · References 3
Positive Technologies
added 2024/12/31 12:0 a.m. · 5 views

PT-2024-20772 · Red Hat +1 · Openshift Dedicated +1

Name of the Vulnerable Software and Affected Versions: OpenShift Dedicated (affected versions not specified). Description: A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to...

CVSS 9.9 · AI score 6.3 · EPSS 0.75197
Exploits 5 · References 65
CNNVD
added 2024/12/31 12:0 a.m. · 3 views

Red Hat OpenShift access control error vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat USA that supports building, testing, deploying and running applications. An access control error vulnerability exists in Red Hat OpenShift. An attacker exploiting this vulnerability could gain cluster...

CVSS 8.8 · AI score 6.8 · EPSS 0.00474
Exploits 0 · References 2