The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series buildings lies in the insufficient protection of registration data, allowing attackers to escalate their privileges.

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series buildings is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to increase...

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems is related to the use of default passwords, which allow attackers to escalate their privileges.

The vulnerability of microprogramming software in embedded network control devices of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the use of default passwords. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the use of a reversible one-way hash function. This function allows attackers to compromise data integrity.

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the use of a reversible one-way hash function. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series lies in improper code generation, allowing attackers to execute arbitrary codes.

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems lies in their unlimited resource distribution. This allows a intruder to trigger a system reboot.

The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot remotely...

The vulnerability of the implementation of the Simple Network Management Protocol (SNMP) for microprogrammable network interface controllers in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows a attacker to induce a service failure.

The vulnerability of the implementation of the Simple Network Management Protocol SNMP for microprogrammable network interface controllers in Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to incorrect processing of additional values. Exploiting this...

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems is related to improper session management. This vulnerability allows attackers to intercept user sessions and gain increased privileges.

The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session and increase their privileges...

PT-2024-9203 · Abb · Abb Aspect +2

Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02 NEXUS Series version 3.08.02 MATRIX Series version 3.08.02 Description: The issue is related to Denial of Service vulnerabilities, which could potentially disrupt device services. It is associated with...

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments developed by Fuji Electric Japan for collecting real-time data from PLCs, temperature controllers, inverters and other devices. Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow...

The vulnerability of the implementations of CIP/Modbus programmable logic controllers of the Micro850/870 series allows a intruder to trigger a service failure.

The vulnerability of CIP/Modbus programmable logic controllers of the Micro850/870 series lies in the uncontrollable consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...

K000148709: Multiple Intel Ethernet Controllers and Adapters vulnerabilities

Security Advisory Description CVE-2024-21806 Improper conditions check in Linux kernel mode driver for some IntelR Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-21807...

The vulnerability of GigaDevice’s GD32 microprogrammed software controllers, models GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, and GD32E50x, is related to deficiencies in access control. This allows a perpetrator to execute arbitrary shell commands.

The vulnerability of GigaDevice’s microprogrammed controllers, such as GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, and GD32E50x, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary shell code in the SRA...

The vulnerability of CODESYS V3 microprogramming software for WAGO controllers allows a hacker to gain full access to the controller or cause a service failure.

The vulnerability of CODESYS V3 microprogramming software for WAGO controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full access to the controller or cause service failures...

WAGO多款产品 安全漏洞

WAGO PFC100 and others are products of WAGO, Germany.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in a number of WAGO products. The vulnerability stems from...

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR lies in their uncontrolled resource consumption, which allows a intruder to trigger malfunctions during maintenance.

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a...

CVE-2024-8935

CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...

CVE-2024-8935

CVE-2024-8935 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E. The issue is an Authentication Bypass by Spoofing enabling a Man-In-The-Middle attack during a controller–engineering workstation session, due to DH-based vulnerability that does not protect against MITM. Consequ...

The vulnerability of the Create MyConfig (CMC) utility in Siemens Sinumerik programmable logic controllers allows a perpetrator to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Create MyConfig CMC utility in Siemens Sinumerik programmable logic controllers is related to the disclosure of information through registration files in the log files. Exploiting this vulnerability can allow attackers to circumvent security restrictions and gain...

PT-2024-9215 · Schneider Electric · Modicon Mc80 Bmkc80 +2

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU affected versions not specified Description: The issue is related to the lack of message integrity checks during transmission ove...