19 matches found
EUVD-2022-52222
Malicious code in bioql PyPI...
EUVD-2022-52224
Malicious code in bioql PyPI...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
CVE-2022-30272
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...
CVE-2022-30262
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
CVE-2022-30262
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30272
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
CVE-2022-30272
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
Design/Logic Flaw
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...
Design/Logic Flaw
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
CVE-2022-30269
Motorola ACE1000 RTUs up to 2022-05-02 are affected by CVE-2022-30269: the ACE1000 allows custom application installation via STS, the C Toolkit, or the Easy Configurator, with images uploaded via Web UI or transferred via SFTP/SSH. The vulnerability stems from missing firmware signing/authentica...
Honeywell Safety Manager
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Safety Manager 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for configuration and firmware manipulation or remote code execution. 3. TECHNICAL...
Emerson DeltaV Distributed Control System 数据伪造问题漏洞
Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a data forger...
PT-2022-3168 · Emerson · Emerson Controlwave 'Next Generation' Rtus
Name of the Vulnerable Software and Affected Versions: Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 Description: The issue is related to insufficient authentication of data, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denia...
PT-2022-3097 · Motorola · Motorola Ace1000 Rtu
Name of the Vulnerable Software and Affected Versions: Motorola ACE1000 RTU through 2022-05-02 Description: The issue concerns the mishandling of firmware integrity in the Motorola ACE1000 RTU. Firmware updates can be performed using either the STS software suite or the ACE1000 Easy Configurator...