361 matches found
LS ELECTRIC PLC and XG5000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...
Emerson Proficy Machine Edition 路径遍历漏洞
Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A security vulnerability exists in Emerson Proficy Machine Edition versions 9.80 and earlier, which stems from an easy ZipSlip attack via the uploader program, which allows an attacker to plant a maliciou...
Emerson Proficy Machine Edition 代码问题漏洞
Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from the execution of operations beyond the buffer boundaries in memory. This vulnerability allows a malicious actor to cause system failures.
The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
The vulnerability of the SNMP protocol implementation in the microprogramming software for Schneider Electric Modicon M340 programmable logic controllers allows a intruder to trigger a maintenance failure.
The vulnerability of the SNMP protocol implementation in microprogrammed software for Schneider Electric Modicon M340 programmable logic controllers is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sendi...
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to cause a service failure.
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to cause service failure by loading arbitrary firmware files remotely...
The vulnerability of microprogrammed software for PACsystems programmable logic controllers, related to data transmission between the browser and the PLC using the HTTP protocol, allows a intruder to gain unauthorized access to protected information.
The vulnerability of PACsystems programmable logic controllers’ microprogramming software is related to the transmission of data between the browser and the PLC using the HTTP protocol. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Omron SYSMAC CS/CJ/CP Series 和 NJ/NX Series 数据伪造问题漏洞
Omron SYSMAC CS/CJ/CP Series and Omron SYSMAC NJ/NX Series are products of Omron Corporation, Japan.Omron SYSMAC CS/CJ/CP Series is a series of programmable controllers.Omron SYSMAC NJ/NX Series is a series of machine automation controllers. Omron SYSMAC NJ/NX Series is a series of machine...
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ/CP Series and NJ/NX Series Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Plaintext Storage of a Password...
Critical Security Flaws Identified in CODESYS ICS Automation Software
CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service DoS condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause...
Secheron SEPCOS Control and Protection Relay 安全漏洞
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...
PT-2022-3083 · Honeywell · Honeywell Controledge
Name of the Vulnerable Software and Affected Versions: Honeywell ControlEdge versions through R151.1 Description: The issue is related to the use of hard-coded credentials in the Honeywell ControlEdge programmable logic controllers. This could allow a remote attacker to gain elevated privileges...
JTEKT TOYOPUC
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...
Mitsubishi Electric MELSEC-Q Series Denial of Service Vulnerability
The Mitsubishi Electric MELSEC-Q Series is a programmable logic controller of the Mitsubishi Electric MELSEC-Q Series from Mitsubishi Electric, Japan.A denial of service vulnerability exists in the Mitsubishi Electric MELSEC-Q Series, which is caused by incorrect resource locking failure to relea...
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...
Siemens SCALANCE 安全漏洞
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...
多款 Siemens 产品输入验证错误漏洞
SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.Siemens SCALANCE X-300 Switch Family Devices are vulnerable to an input validati...
多款 Siemens 产品 缓冲区错误漏洞
SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A buffer overflow vulnerability exists in Siemens SCALANCE X-300 Switch Family...
ASUS RT-AX56U 路径遍历漏洞
The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A path traversal vulnerability exists in the ASUS RT-AX56U updatePLC/PORT file, which can be exploited by an attacker to overwrite system files by uploading another PLC/PORT file with the same filename, resulting in a service...
CVE-2021-32980
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...