21 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-36615

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 7.6 | EPSS 0.00082
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:33 a.m. | 4 views

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...

CVSS 7.8 | AI score 7.1 | EPSS 0.00121
Exploits: 0 | References: 1

OSV
added 2024/06/14 3:15 p.m. | 1 view

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification...

CVSS 7.5 | AI score 5.8 | EPSS 0.00082
Exploits: 0 | References: 1

NVD
added 2024/06/14 3:15 p.m. | 12 views

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification...

CVSS 8.2 | EPSS 0.00082
Exploits: 0 | References: 1

CVE
added 2024/06/14 2:30 p.m. | 63 views

CVE-2024-37368

Summary (CVE-2024-37368) Rockwell Automation FactoryTalk View SE is affected by an improper authentication vulnerability that allows a remote user with FTView to send a packet from a remote system to view an HMI project. Affected product: FactoryTalk View SE, version v11.0 (confirmed by ICSA advi...

CVSS 8.2 | AI score 6.6 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/06/14 2:30 p.m. | 17 views

CVE-2024-37368 Rockwell Automation FactoryTalk® View SE v11 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...

CVSS 8.2 | EPSS 0.00138
Exploits: 0 | References: 1

CVE
added 2024/06/14 2:17 p.m. | 68 views

CVE-2024-37367

Rockwell Automation FactoryTalk View SE is affected (v12.0). The vulnerability is an improper authentication issue (CWE-287) that could allow a remote attacker to have a user view an HMI project by sending a packet to the server. Connected advisories confirm affected product and remediation path:...

CVSS 8.2 | AI score 7.4 | EPSS 0.00082
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/06/14 2:17 p.m. | 17 views

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification...

CVSS 8.2 | AI score 6.9 | EPSS 0.00082
Exploits: 0 | References: 1

ICS
added 2024/06/13 6:0 a.m. | 19 views

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View SE Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an outside attacker...

CVSS 8.2 | AI score 7.7 | EPSS 0.00082
Exploits: 0 | References: 10

ICS
added 2024/06/13 6:0 a.m. | 17 views

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View SE Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user from a remote...

CVSS 8.2 | AI score 6.6 | EPSS 0.00138
Exploits: 0 | References: 10

NVD
added 2022/03/25 7:15 p.m. | 12 views

CVE-2021-44462

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...

CVSS 7.8 | EPSS 0.00145
Exploits: 0 | References: 1

Prion
added 2022/03/25 7:15 p.m. | 11 views

Design/Logic Flaw

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...

CVSS 5.8 | AI score 6.7 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/03/25 6:2 p.m. | 44 views

CVE-2021-44462

CVE-2021-44462 affects Horner Automation Cscape EnvisionRV (v4.50.3.1 and prior). The vulnerability stems from improper input validation (CWE-20), allowing reads/writes past the end of allocated data structures when parsing maliciously crafted project files. Exploitation requires user interaction...

CVSS 7.8 | AI score 6.8 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/03/25 6:2 p.m. | 10 views

CVE-2021-44462 Horner Automation Cscape EnvisionRV Improper Input Validation

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...

CVSS 7.8 | AI score 7.5 | EPSS 0.00145
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/05/04 12:0 a.m. | 20 views

Wecon PI Studio HMI Project Programmer TextContent Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PI Studio HMI Project Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists ...

CVSS 4.6 | AI score 5 | EPSS 0.00129
Exploits: 0 | References: 1

NVD
added 2018/04/26 8:29 p.m. | 22 views

CVE-2018-7527

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...

CVSS 6.8 | AI score 5.4 | EPSS 0.00129
Exploits: 0 | References: 2

Prion
added 2018/04/26 8:29 p.m. | 21 views

Buffer overflow

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...

CVSS 6.8 | AI score 5.4 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 3

CVE
added 2018/04/26 8:0 p.m. | 62 views

CVE-2018-7527

Summary: CVE-2018-7527 is a stack-based buffer overflow in Wecon LeviStudioU/PI Studio components that can be triggered by opening a specially crafted file. Concrete details across connected advisories show multiple vulnerable entry points, including LeviStudio HMI Editor (Version 1.10, part of L...

CVSS 6.8 | AI score 5.3 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/03/20 2:29 p.m. | 9 views

CVE-2018-4844

A vulnerability has been identified in SIMATIC WinCC OA UI for Android All versions V3.15.10, SIMATIC WinCC OA UI for iOS All versions V3.15.10. Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache...

CVSS 6.7 | AI score 6 | EPSS 0.00089
Exploits: 0 | References: 3

Cvelist
added 2018/03/20 2:0 p.m. | 13 views

CVE-2018-4844

A vulnerability has been identified in SIMATIC WinCC OA UI for Android All versions V3.15.10, SIMATIC WinCC OA UI for iOS All versions V3.15.10. Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache...

AI score 6 | EPSS 0.00089
Exploits: 0 | References: 2