Type confusion

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...

Design/Logic Flaw

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is no...

Stack overflow

Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this...

CVE-2020-6996

Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this...

CVE-2020-6996

CVE-2020-6996 affects Triangle MicroWorks DNP3 Outstation Libraries (DNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source) in versions 3.16.00–3.25.01. Root cause: stack-based buffer overflow triggered by a specially crafted message, with no authentication required. Impact: ...

CVE-2020-10611

CVE-2020-10611 is a real, externally exploitable type-confusion vulnerability in Triangle MicroWorks SCADA Data Gateway (DNP3 Data Sets). The Red Hat and NVD entries confirm it affects versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122, enabling remote code execution with no authentication required...

CVE-2020-10611

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this...

CVE-2020-10613

Triangle MicroWorks SCADA Data Gateway is affected by CVE-2020-10613 (and related CVEs) in versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122 due to an out-of-bounds read from improper validation of user-supplied data in DNP3 Data Sets. The vulnerability allows remote attackers to disclose sensitiv...

CVE-2020-10613

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is no...

Triangle MicroWorks DNP3 Outstation Libraries

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Triangle MicroWorks Equipment: DNP3 Outstation Libraries Vulnerability: Stacked-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could possibly allow remote...

Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment

The very first Pwn2Own hacking competition that exclusively focuses on the industrial control systems ICS has kicked off in Miami. So far, a total of $180,000 has been awarded for pwning five different products. The contest hosts at Trend Micro’s Zero Day initiative ZDI have allocated more than...

CVE-2019-13943

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

CVE-2019-13944

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

Code injection

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

CVE-2019-13944

CVE-2019-13944 affects Siemens EN100 Ethernet Module family (DNP3, IEC61850

CVE-2019-13943

CVE-2019-13943 affects Siemens EN100 Ethernet Module variants (DNP3, IEC61850

CVE-2019-13942

The CVE-2019-13942 issue affects Siemens EN100 Ethernet Module variants (DNP3, IEC61850

PT-2019-13484 · Moxa · En100 Ethernet Module Modbus Tcp Variant +4

Name of the Vulnerable Software and Affected Versions: EN100 Ethernet module DNP3 variant All versions EN100 Ethernet module IEC 61850 variant All versions V4.37 EN100 Ethernet module IEC104 variant All versions EN100 Ethernet module Modbus TCP variant All versions EN100 Ethernet module PROFINET ...

Siemens EN100 Ethernet Module (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2. UPDATE...

Siemens Siprotec Exposure of Sensitive Information to an Unauthorized Actor

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...