58 matches found
Security Implications of 5G Communication in Industrial Systems
Traditionally, industrial control systems ICS were designed without security in mind, prioritizing availability and real-time communication. As these systems increasingly become targets of powerful adversaries, security can no longer be neglected. Driven by flexibility and automation needs, ICS a...
PT-2025-47026
Name of the Vulnerable Software and Affected Versions General Industrial Controls Lynx+ Gateway affected versions not specified Description The embedded web server lacks critical authentication, potentially allowing a remote attacker to reset the device. This could lead to a complete remote...
EUVD-2017-2365
Malware in sbrugna...
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is...
Reporte De Vulnerabilidades En IIoT. Proyecto DEFENDER
The main objective of this technical report is to conduct a comprehensive study on devices operating within Industrial Internet of Things IIoT environments, describing the scenarios that define this category and analysing the vulnerabilities that compromise their security. To this end, the report...
Exploit for Incorrect Type Conversion or Cast in Kunbus Revpi_Status
CVE-2025-41646---Critical-Authentication-Bypass- CVE-2025-4164...
The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACTs WP 6xxx, allows a perpetrator to gain full access to the device.
The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems like PHOENIX CONTACT WP 6xxx exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability can allow a malicious actor, operating remotely,...
The vulnerability of microprogramming software in web panels for managing and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx – existing due to the lack of measures to neutralize special elements – allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of microprogrammed software in web panels for managing and monitoring processes in industrial systems like PHOENIX CONTACT WP 6xxx exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow a malicious actor to compromise the...
The vulnerability of microprogramming software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, arises from the use of rigidly encrypted account data. This allows a intruder to gain unauthorized access to protected information and compromise its integrity.
The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, such as PHOENIX CONTACT WP 6xxx, is related to the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...
The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems from PHOENIX CONTACTs WP 6xxx exists due to the lack of measures taken to neutralize special elements used in the operating system command. This vulnerability allows a intruder to gain unauthorized access to the device.
The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability can allow a malicious actor,...
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP ENIP communication module models that could be exploited to achieve remote code execution and denial-of-service DoS. "The results and impact of...
CVE-2022-43716
A vulnerability has been identified in SIMATIC CP 1242-7 V2 6GK7242-7KX31-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 6GK7243-1BX30-0XE0 All versions V3.4.29, SIMATIC CP 1243-1 DNP3 incl. SIPLUS variants All versions V3.4.29, SIMATIC CP 1243-1 IEC incl. SIPLUS variants All versions V3.4.29,...
CVE-2022-2758 Update
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems LSIS Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all...
CVE-2022-2758
CVE-2022-2758 involves inadequate encryption strength in LS Electric’s XG5000 software communication with LS Electric PLCs. Affected products include XG5000 (all versions prior to 4.0) and PLCs: XGK-CPUU/H/A/S/E (all versions prior to 3.50), XGI-CPUU/UD/H/S/E (prior to 3.20), XGR-CPUH (prior to 1...
CVE-2022-2758 Update
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems LSIS Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all...
Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers PLCs and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the...
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service DDS standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...
Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
Attacks on control processes supported by operational technology OT are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat...
Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service DoS attacks, data leaks, and remote code execution. All OpENer commits and...
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform...