14 matches found
CVE-2023-49691
CVE-2023-49691 is an OS command injection vulnerability found in Siemens SCALANCE/ RUGGEDCOM devices via the DDNS handling. The root cause is improper neutralization of special elements used in an OS command, enabling a local attacker with administrative privileges to run commands at system level...
Siemens SINEC NMS Incorrect Privilege Assignment Vulnerability
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. The Siemens SINEC NMS suffers from an Incorrect Privilege Assignment...
Korenix JetWave Command Injection / Denial Of Service Exploit
Multiple versions of Korenix JetWave suffer from authenticated command injection and denial of service vulnerabilities. ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, |...
Moxa Mxview Network Management Software è·ŻćŸéćæŒæŽ
An improper access control vulnerability exists in Moxa MXview, a network management software used to monitor and diagnose industrial networks. The vulnerability stems from the fact that the affected product has a misconfigured service that allows remote connections to internal communication...
SIEMENS SCALAN CES-600 family Cross-Site Scripting Vulnerability
SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. A cross-site scripting vulnerability exists in the SIEMENS SCALAN CES-600 family. An attacker could exploit the vulnerability to trick an unsuspecting user into visiting a malicious link...
SIEMENS SCALAN CES-600 family denial of service vulnerability (CNVD-2020-04718)
SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. A denial of service vulnerability exists in the SIEMENS SCALAN CES-600 family. An attacker could exploit the vulnerability by sending packets on port 443/tcp of an affected device, resulting in a denial of...
CVE-2018-0446 Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
Schneider Electric PLC HTTP Server Detected on Industrial Network
Binary data 700245.prm...
HTTP Protocol Detected on Industrial Network
Binary data 700177.prm...
HTTP Client Detected on Industrial Network
Binary data 700176.prm...
HTTP Server Detected on Industrial Network
Binary data 700175.prm...
EtherNet/IP Detection (TCP)
A EtherNet/IP Service is running at this host. EtherNet/IP is an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet. It is widely used in a range industries including factory, hybrid and process to manage the connection between various automation devices...
Moxa MXview v2.8 Remote Private Key Disclosure Exploit
Exploit for windows platform in category remote exploits + Credits: John Page AKA HYP3RLINX Vendor: ============ www.moxa.com Product: =========== MXview V2.8 Download: http://www.moxa.com/product/MXstudio.htm MXview Industrial Network Management Software. Auto discovery of network devices and...
Innominate MGuard Weak HTTPS and SSH Keys
Overview An independent research group comprised of Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman identified an insufficient entropy vulnerability in Innominateâs mGuard network appliance product line. By impersonating the device, an attacker can obtain the credentials of...