CVE-2025-41704

An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality...

EUVD-2021-24923

Malware in sbrugna...

EUVD-2021-24929

Malware in sbrugna...

CVE-2023-1488

A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is...

CVE-2021-38451

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...

CVE-2021-38477

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...

CVE-2021-38451

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...

Out-of-bounds

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...

CVE-2021-38477

CVE-2021-38477 affects AUVESY Versiondog (data management software for automated production). The vulnerability is described as External Control of File Name or Path (CWE-73) within Versiondog’s API functions that read/write files and directories, enabling manipulation or deletion of files. The c...

Privilege Bypass Vulnerability in Schneider Electric P3420 PLC Module

Schneider Electric Modicon M340 PLC is a programmable controller product of Schneider Electric France. A privilege bypass vulnerability exists in the Schneider Electric P3420 PLC module. An attacker can cause the PLC to start and stop by constructing PLC start-stop data messages using private...

Denial of Service Vulnerability in S7 300 CPU319-3/CP343-1

Siemens China Ltd. is focused on electrification, automation and digitalization. A denial of service vulnerability exists in S7 300 CPU319-3/CP343-1, where an attacker can cause the PLC CPU module and CP module to go down, requiring a manual reboot of the PLC to recover. Other sub-function codes...

AB CompactLogix 5000 Series Controller CIP Protocol Denial of Service Vulnerability

The AB CompactLogix 5000 series are controllers for Logix solutions for low-end to mid-size applications. A vulnerability in the CIP communication protocol of the AB CompactLogix 5000 Series controllers, if successfully exploited, could cause the target device to fail to respond properly to...

Modbus Client Utility

This module allows reading and writing data to a PLC using the Modbus protocol. This module is based on the 'modiconstop.rb' Basecamp module from DigitalBond, as well as the mbtget perl script. This module requires Metasploit: https://metasploit.com/download Current source:...

Sixnet Universal Protocol Undocumented Function Codes (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-231-01A Sixnet Universal Protocol Undocumented Function Codes that was published August 26, 2013, on the ICS-CERT Web page. --------- Begin Update B Part 1 of 1 -------- Researchers Kyle Stone and Mehdi Sabraoui...