98 matches found
EUVD-2020-17867
Malware in sbrugna...
EUVD-2020-17869
Malware in sbrugna...
EUVD-2020-17875
Malware in sbrugna...
EUVD-2020-17871
Malware in sbrugna...
EUVD-2020-17873
Malware in sbrugna...
EUVD-2022-34724
Malicious code in bioql PyPI...
EUVD-2022-34725
Malicious code in bioql PyPI...
EUVD-2022-34726
Malicious code in bioql PyPI...
CVE-2022-2463
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM leve...
CVE-2020-25180
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
CVE-2022-1118
Connected Components Workbench v13.00.00 and prior, ISaGRAF Workbench v6.0 though v6.6.9, and Safety Instrumented System Workstation v1.2 and prior for Trusted Controllers do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if open...
CVE-2022-2465
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if...
CVE-2022-2464
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing fil...
CVE-2020-25178
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
CVE-2020-25176
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer IXL protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...
CVE-2020-25184
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could...
The vulnerability of the eXchange Layer component in the application development environment for programmable logic controllers ISaGRAF Runtime Rockwell Automation allows a hacker to execute arbitrary code.
The vulnerability of the eXchange Layer component in the application development environment for ISaGRAF Runtime Rockwell Automation relates to errors in processing the relative path to the restricted-access directory. Exploiting this vulnerability may allow a remote attacker to execute arbitrary...
The vulnerability of the application development environment for ISaGRAF programmable logic controllers arises from the use of an unreliable search path during the loading of dynamic libraries. This allows a hacker to execute arbitrary code.
The vulnerability in the application development environment for ISaGRAF Runtime Rockwell Automation relates to the use of an unreliable search path during the loading of dynamic libraries. Exploiting this vulnerability allows a local attacker to execute arbitrary code...
The vulnerability of the application development environment for ISaGRAF programmable logic controllers allows a hacker to disclose protected information.
The vulnerability of the application development environment for ISaGRAF programmable logic controllers is related to the rigid encoding of registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...