GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability

GE CIMPLICITY HMI/SCADA Software is an automated industrial platform from General Electric GE. It provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. A buffer overflow...

AVEVA Edge DLL Hijacking Vulnerability

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA Software UK. A DLL hijacking vulnerability exists in AVEVA Edge 2020 R and prior versions, which could be exploited by an attacker to compromise the confidentiality, availability or integrity of a system. Details of the...

Unspecified Vulnerability in AVEVA Edge

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA Software UK. A security vulnerability exists in AVEVA Edge 2020 R2 and prior versions that can be exploited by an attacker to potentially compromise the confidentiality, availability or integrity of the system. Details of...

AVEVA Edge has an information disclosure vulnerability

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from the UK-based Jianwei Software AVEVA. An information disclosure vulnerability exists in AVEVA Edge version 2020 R2, which can be exploited by an attacker to obtain account information for accessing external DB resource...

GE CIMPLICITY

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Equipment: CIMPLICITY Vulnerabilities: Access of Uninitialized Pointer, Heap-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Unspecified Vulnerability in mySCADA myPRO

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. A security vulnerability exists in mySCADA myPRO that can be exploited by an attacker to crack a previously retrieved password hash...

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102825)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102828)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

Unspecified vulnerability in mySCADA myPRO (CNVD-2021-102830)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. A security vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to cause an additional, undocumented administrative account to exist in the affected product,...

Unspecified vulnerability in DAQFactory

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A security vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. The vulnerability can be exploited by an attacker via a...

DAQFactory Deserialization Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. An attacker can exploit this vulnerability to corrupt...

DAQFactory Man-in-the-Middle Attack Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A man-in-the-middle attack vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. The vulnerability can be exploited by an...

Advantech WebAccess Heap Buffer Overflow Vulnerability

Advantech WebAccess is Advantech's suite of HMI/SCADA software based on browser architecture. A heap buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier versions. An attacker could exploit this vulnerability to remotely execute code...

CVE-2019-18255

HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation...

CVE-2019-18243

HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation...

CVE-2019-18255

HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation...

GE CIMPLICITY

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of CIMPLICITY, an HMI/SCADA management platform, are affected: CIMPLICITY Versions 9.0 and prior. IMPACT...

GE CIMPLICITY (Update A)

CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-278-01 GE CIMPLICITY that was published October 5,...

Session fixation

An issue was discovered in General Electric GE Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has acces...

CVE-2016-9360

An issue was discovered in General Electric GE Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has acces...