11 matches found
EUVD-2018-21599
Malware in sbrugna...
CVE-2018-25112
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device...
CVE-2018-25112
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device...
CVE-2022-31206
The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...
The vulnerability of microprogrammed software in PACsystems programmable logic controllers, related to insufficient verification of data authenticity, allows a intruder to execute arbitrary code.
The vulnerability of microprogrammed programmable logic controllers from PACsystems is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially crafted file written in...
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System. The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology,... This is only...
CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
Snakes and Ladder Logic
A click to a reverse shell in OpenPLC and ladder logic OR Why you shouldn’t run everything as root in PLC and RTUs. TL;DR Most of the RTU’s and PLC’s that run a Unix based OS that we test and, and some devices on Windows that we’ve tested on maritime engagements, run as root and/or admin. They al...
WAGO e!Cockpit authentication hard-coded encryption key vulnerability
Summary A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit, version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. Test...
WAGO PFC 200 SERIES Multiple Vulnerabilities
Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...
Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability
OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...