Emerson Ovation OCR400 Controller Stack-Based Buffer Overflow (CVE-2019-10967)

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote...

Loytec LINX Automation Servers Information Disclosure / Cleartext Secrets Vulnerability

Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear. + CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple...

Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets

CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple vulnerabilities in Loytec L-INX Automation Servers + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 + Affected Components : L-INX Automation Servers +...

LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access Vulnerabilities

Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities. + CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in...

LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access

CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...

Moxa MGate Authentication Bypass (CVE-2016-5804)

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. This plugin only works with...

Moxa NPort 5110, 5130, and 5150 Uncontrolled Resource Consumption (CVE-2017-14028)

A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount ...

Moxa IKS, EDS Improper Restriction of Excessive Authentication Attempts (CVE-2019-6524)

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

ABB M2M ETHERNET Improper Authentication (CVE-2018-17926)

The product M2M ETHERNET FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

Wago PFC200 Authentication Bypass (CVE-2016-9362)

An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 released August 2015, WAGO 750-881 prior to FW09 released August 2016, and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to edit and to view settings without...

Tridium Niagara Improper Limitation of a Pathname to a Restricted Directory (CVE-2017-16744)

A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform administrator credentials. This plugin only works with Tenable.ot. Please visit...

Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 Improper Neutralization of Input During Web Page Generation (CVE-2018-18985)

Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4 a cross-site scripting vulnerability has been identified that may all...

Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...

Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8371)

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8380)

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

The secrets of Schneider Electric’s UMAS protocol

UMAS Unified Messaging Application Services is a proprietary Schneider Electric SE protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU part numbers BMEP and BMEH and Modicon M340 CPU part numbers BMXP34. Controllers...

Yokogawa CENTUM, Exaopc and B/M9000 Stack-based Buffer Overflow (CVE-2014-3888)

Stack-based buffer overflow in BKFSimvhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attacke...

Saia PCDx Credentials Management Errors (CVE-2015-7911)

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via...

Rockwell (CVE-2015-6486)

SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

Emerson OSE Credentials Management Errors (CVE-2013-0694)

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...