PT-2026-44163

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0 Description The '/api/project' endpoint exposes sensitive SCADA/HMI project configuration data to unauthenticated requests. This occurs because the secureFnc middleware utilizes a function that automatically generates a vali...

CODESYS多款产品 安全漏洞

CODESYS Control and others are products of the German company CODESYS. CODESYS Control is a set of industrial control programming software. CODESYS is an industrial control automation software. CODESYS HMI is a visualization software. Several CODESYS products have security vulnerabilities. These...

Siemens SIMATIC HMI Comfort Panels 安全漏洞

Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. There are security vulnerabilities in Siemens SIMATIC HMI Comfort Panels. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. This allows...

FUXA 1.2.8 - Authentication Bypass + RCE Exploit

Exploit Title: FUXA 1.2.8 - Authentication Bypass + RCE Exploit Date: 2026-02-25 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll/ Software Link: https://github.com/frangoteam/FUXA/tree/v1.2.8 Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA 1.2.8. Do not u...

Mitsubishi Electric多款产品 安全漏洞

Mitsubishi Electric GENESIS64 and other products are developed by Mitsubishi Electric Corporation of Japan. Mitsubishi Electric GENESIS64 is a SCADA suite. Mitsubishi Electric ICONICS Suite is a monitoring system for digital factories and intelligent buildings. Mitsubishi Electric MobileHMI is a...

PT-2026-30801

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

CVE-2021-27384

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...

CVE-2026-4760

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

EUVD-2026-15402

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

CVE-2026-4760

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

CVE-2026-4760

From CVE-2026-4760, Panorama Web HMI allows an attacker to gain read access to certain Web HMI server files if the attacker knows the file paths and the files are accessible to the Servin process execution account. Affected installations include Panorama Suite 2022-SP1 (22.50.005) unless PS-2210-...

CVE-2026-4760 Potential unauthorized access to files on the Web HMI server host

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

Codra Panorama Suite 安全漏洞

Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. There is a security vulnerability in Codra Panorama Suite, which allows attackers to potentially read files on the Web HMI server...

PT-2026-27761

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

EUVD-2026-11706

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

CVE-2026-3611

The CVE-2026-3611 entry describes unauthenticated access to the Honeywell IQ4x BMS controller web UI in factory-default configurations. Affected devices expose the full HMI via HTTP without requiring authentication when no user module is configured, leaving the system running under a System Guest...

Delta Electronics CNCSoft-G2 Code Execution Vulnerability

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a code execution vulnerability that originates from insufficient user-supplied file validation, which can be exploited by an attacker to execute code...

📄 Honeywell Trend IQ4 Unauthenticated Add Admin

This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...

CVE-2024-55025

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...