382 matches found
Memory corruption
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions < V4.37, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...
CVE-2022-30937
CVE-2022-30937 affects Siemens EN100 Ethernet Module variants: DNP3 IP, IEC 104, IEC 61850 (all versions prior to 4.37), Modbus TCP, and PROFINET IO. The issue is a memory corruption vulnerability in the HTTP parsing of the /txtrace endpoint, which could crash the affected application and cause a...
Siemens EN100 Ethernet Module
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Rockwell Automation MicroLogix Resource Management Errors (CVE-2014-5410)
The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a...
Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays Improper Input Validation (CVE-2018-16563)
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions < V4.35, Firmware variant MODBUS TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet module All versions, Firmware variant IEC104 for EN100 Ethernet module A...
Siemens SIPROTEC Information Disclosure (CVE-2016-4785)
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104...
Schweitzer Engineering Laboratories RTAC Improper Input Validation (CVE-2013-2792)
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens EN100 Ethernet Module Relative Path Traversal (CVE-2019-13944)
A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions < V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...
Siemens SIPROTEC Information Disclosure (CVE-2016-4784)
A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104...
Siemens EN100 Ethernet module & SIPROTEC Merging Unit Denial of Service (CVE-2015-5374)
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...
CVE-2021-22772
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 Modbus SC2-04MOD-07000100 and earlier, Easergy T200 IEC104 SC2-04IEC-07000100 and earlier, and Easergy T200 DNP3 SC2-04DNP-07000102 and earlier that could cause unauthorized operation when authentication ...
CVE-2021-22772
CVE-2021-22772 affects Schneider Electric Easergy T200 series (Modbus SC2-04MOD-07000100, IEC104 SC2-04IEC-07000100, DNP3 SC2-04DNP-07000102 and earlier). Documented root cause: CWE-306 – Missing Authentication for Critical Function, enabling unauthorized operation when authentication is bypassed...
[ASA-202107-44] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-202107-44 ========================================== Severity: Low Date : 2021-07-20 CVE-ID : CVE-2021-22235 Package : wireshark-cli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2160 Summary ======= The package wireshark-cli befo...
Siemens En100 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions < V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of data set elements. The issue results from the lac...
(Pwn2Own) Triangle Microworks SCADA Data Gateway DNP3 GET_FILE_INFO Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle Microworks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of opcodes for GET_FILE_INFO. The issue results from the...
CVE-2020-10611
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...
CVE-2020-6996
Triangle MicroWorks DNP3 Outstation Libraries: DNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected: 3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this...