Lucene search
K

361 matches found

ICS
ICS
added 2022/08/16 6:0 a.m.42 views

LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

6.5CVSS6.3AI score0.00323EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.10 views

Emerson Proficy Machine Edition 路径遍历漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A security vulnerability exists in Emerson Proficy Machine Edition versions 9.80 and earlier, which stems from an easy ZipSlip attack via the uploader program, which allows an attacker to plant a maliciou...

7.3CVSS7.3AI score0.00228EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.4 views

Emerson Proficy Machine Edition 代码问题漏洞

Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...

7.8CVSS7.5AI score0.0018EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/15 12:0 a.m.9 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from the execution of operations beyond the buffer boundaries in memory. This vulnerability allows a malicious actor to cause system failures.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

7.8CVSS6.3AI score0.00189EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/21 12:0 a.m.6 views

The vulnerability of the SNMP protocol implementation in the microprogramming software for Schneider Electric Modicon M340 programmable logic controllers allows a intruder to trigger a maintenance failure.

The vulnerability of the SNMP protocol implementation in microprogrammed software for Schneider Electric Modicon M340 programmable logic controllers is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sendi...

7.8CVSS7.2AI score0.0057EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.7 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to cause a service failure.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to cause service failure by loading arbitrary firmware files remotely...

7.8CVSS7.5AI score0.00895EPSS
Exploits0References7Affected Software9
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.5 views

The vulnerability of microprogrammed software for PACsystems programmable logic controllers, related to data transmission between the browser and the PLC using the HTTP protocol, allows a intruder to gain unauthorized access to protected information.

The vulnerability of PACsystems programmable logic controllers’ microprogramming software is related to the transmission of data between the browser and the PLC using the HTTP protocol. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.8CVSS5.5AI score
Exploits0References2
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.4 views

Omron SYSMAC CS/CJ/CP Series 和 NJ/NX Series 数据伪造问题漏洞

Omron SYSMAC CS/CJ/CP Series and Omron SYSMAC NJ/NX Series are products of Omron Corporation, Japan.Omron SYSMAC CS/CJ/CP Series is a series of programmable controllers.Omron SYSMAC NJ/NX Series is a series of machine automation controllers. Omron SYSMAC NJ/NX Series is a series of machine...

9.8CVSS9AI score0.00858EPSS
Exploits0References6
ICS
ICS
added 2022/06/28 12:0 a.m.89 views

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ/CP Series and NJ/NX Series Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Plaintext Storage of a Password...

9.8CVSS9.8AI score0.00858EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2022/06/27 10:35 a.m.86 views

Critical Security Flaws Identified in CODESYS ICS Automation Software

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service DoS condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause...

9.8CVSS1AI score0.01184EPSS
Exploits0
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.5 views

Secheron SEPCOS Control and Protection Relay 安全漏洞

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...

7.8CVSS5.7AI score0.01167EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.9 views

PT-2022-3083 · Honeywell · Honeywell Controledge

Name of the Vulnerable Software and Affected Versions: Honeywell ControlEdge versions through R151.1 Description: The issue is related to the use of hard-coded credentials in the Honeywell ControlEdge programmable logic controllers. This could allow a remote attacker to gain elevated privileges...

9.8CVSS9.5AI score0.01395EPSS
Exploits0References7
ICS
ICS
added 2022/06/21 12:0 a.m.81 views

JTEKT TOYOPUC

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...

9.8CVSS10AI score0.00982EPSS
Exploits0References4
CNVD
CNVD
added 2022/06/17 12:0 a.m.26 views

Mitsubishi Electric MELSEC-Q Series Denial of Service Vulnerability

The Mitsubishi Electric MELSEC-Q Series is a programmable logic controller of the Mitsubishi Electric MELSEC-Q Series from Mitsubishi Electric, Japan.A denial of service vulnerability exists in the Mitsubishi Electric MELSEC-Q Series, which is caused by incorrect resource locking failure to relea...

7.8CVSS3AI score0.01556EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/06/08 12:0 a.m.8 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...

9.1CVSS7.8AI score0.01627EPSS
Exploits0References7Affected Software9
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.5 views

Siemens SCALANCE 安全漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...

7.5CVSS7.3AI score0.01277EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.7 views

多款 Siemens 产品输入验证错误漏洞

SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.Siemens SCALANCE X-300 Switch Family Devices are vulnerable to an input validati...

7.8CVSS7.3AI score0.01332EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.6 views

多款 Siemens 产品 缓冲区错误漏洞

SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A buffer overflow vulnerability exists in Siemens SCALANCE X-300 Switch Family...

8.8CVSS8.7AI score0.01598EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.6 views

ASUS RT-AX56U 路径遍历漏洞

The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A path traversal vulnerability exists in the ASUS RT-AX56U updatePLC/PORT file, which can be exploited by an attacker to overwrite system files by uploading another PLC/PORT file with the same filename, resulting in a service...

8.1CVSS5.6AI score0.00472EPSS
Exploits0References2
OSV
OSV
added 2022/04/04 8:15 p.m.6 views

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

9.8CVSS5.8AI score0.0107EPSS
Exploits0References1
Rows per page
Query Builder