234 matches found

CNNVD
added 2023/12/19 12:0 a.m. · 1 view

Weintek cMT security breach

Weintek cMT is a Human Machine Interface application from Weintek. A security vulnerability exists in Weintek cMT that stems from the presence of an authenticated command injection vulnerability that allows an attacker to execute arbitrary code or access sensitive information by injecting a craft...

CVSS 8.8 · AI score 7.8 · EPSS 0.00338
Exploits 0 · References 2
BDU FSTEC
added 2023/12/15 12:0 a.m. · 1 view

The vulnerability of the software for creating and managing graphical user interfaces in industrial automation systems like SCADA CONPROSYS HMI Systems lies in the use of a password hash instead of a password for authentication. This allows attackers to exploit this flaw to disclose sensitive information through a “man-in-the-middle” attack.

The vulnerability of the SCADA CONPROSYS HMI System lies in the use of a password hash instead of a plain-text password for authentication. Exploiting this vulnerability allows an attacker, operating remotely, to disclose sensitive information through a “man-in-the-middle” attack...

CVSS 5.3 · AI score 6.5 · EPSS 0.0055
Exploits 0 · References 6 · Affected Software 1
CNNVD
added 2023/12/12 12:0 a.m. · 3 views

JTEKT ELECTRONICS HMI GC-A2 series Security Breach

JTEKT ELECTRONICS HMI GC-A2 series is a series of HMIs from JTEKT. The JTEKT ELECTRONICS HMI GC-A2 series suffers from a security vulnerability that originates from a Denial of Service (DoS) in the NetBIOS service, which can be exploited by an attacker to send specially crafted packets to a specifi...

CVSS 7.5 · AI score 6.7 · EPSS 0.00573
Exploits 0 · References 3
CNNVD
added 2023/12/12 12:0 a.m. · 1 view

JTEKT ELECTRONICS HMI GC-A2 series Security Breach

JTEKT ELECTRONICS HMI GC-A2 series is a series of Human Machine Interfaces (HMIs) from JTEKT. A security vulnerability exists in the JTEKT ELECTRONICS HMI GC-A2 series, which originates from a Denial of Service (DoS) vulnerability in the FTP service, where an unauthenticated, remote attacker sending...

CVSS 7.5 · AI score 6.8 · EPSS 0.00573
Exploits 0 · References 3
Positive Technologies
added 2023/12/12 12:0 a.m. · 2 views

PT-2023-31063 · Unknown · Hmi Gc-A2 Series

Name of the Vulnerable Software and Affected Versions: HMI GC-A2 series (affected versions not specified). Description: A denial-of-service (DoS) issue exists in the commplex-link service. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service...

CVSS 7.5 · AI score 6.7 · EPSS 0.00573
Exploits 0 · References 5
CNNVD
added 2023/12/05 12:0 a.m. · 5 views

Unitronics PLC Trust Management Issue Vulnerabilities

Unitronics PLC is a programmable logic controller with a built-in HMI panel from Unitronics Israel. A trust management issue vulnerability exists in the Unitronics PLC, which arises from the use of a default management password that allows an attacker accessing the PLC or HMI over the network to...

CVSS 9.8 · AI score 9.1 · EPSS 0.1329
Exploits 0 · References 5
CNNVD
added 2023/10/25 12:0 a.m. · 2 views

Bosch ctrlX HMI Web Panel WR21 Security Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the Bosch ctrlX HMI Web Panel WR21 version, which originated from a vulnerability that allows an attacker to install an arbitrary Android application while locked in Kiosk mode and use it to acce...

CVSS 7.3 · AI score 6.9 · EPSS 0.00117
Exploits 0 · References 2
BDU FSTEC
added 2023/10/21 12:0 a.m. · 1 view

The vulnerability of Weintek’s cMT3000 HMI Web CGI panel’s microprogramming software arises from buffer overflow in the stack. This allows a malicious actor to bypass the authentication process.

The vulnerability of Weintek’s cMT3000 HMI Web CGI panel software lies in buffer overflow attacks within the stack. Exploiting this vulnerability could allow an attacker to bypass the authentication process...

CVSS 10 · AI score 8.1 · EPSS 0.0008
Exploits 1 · References 6 · Affected Software 7
OSV
added 2023/09/20 5:15 p.m. · 2 views

CVE-2023-42660

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit...

CVSS 8.8 · AI score 5.8 · EPSS 0.00592
Exploits 0 · References 2
OSV
added 2023/08/29 9:15 a.m. · 2 views

CVE-2023-23770

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2023/08/29 8:48 a.m. · 251 views

CVE-2023-23771

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVSS 8.4 · AI score 7.1 · EPSS 0.00035
Exploits 0 · References 1
Cvelist
added 2023/08/29 8:47 a.m. · 14 views

CVE-2023-23770

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVSS 9.4 · AI score 9.7 · EPSS 0.00107
Exploits 0 · References 1
BDU FSTEC
added 2023/08/09 12:0 a.m. · 1 view

The vulnerability of the HCI interface, which operates according to the IEC 60870-5-104 standard, and the programmable logic controllers Hitachi Energy RTU500, allows an intruder to trigger a service failure.

The vulnerability of the HCI interface, which operates according to the IEC 60870-5-104 standard, in the Hitachi Energy RTU500 programmable logic controllers is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8 · AI score 7.6 · EPSS 0.00074
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2023/08/09 12:0 a.m. · 2 views

The vulnerability of the HCI interface, which operates according to the IEC 60870-5-104 standard, and the programmable logic controllers Hitachi Energy RTU500, allows an intruder to trigger a service failure.

The vulnerability of the HCI interface, which operates according to the IEC 60870-5-104 standard, in the Hitachi Energy RTU500 programmable logic controllers is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8 · AI score 7.6 · EPSS 0.00077
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/06/14 8:15 a.m. · 2 views

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...

CVSS 7.8 · AI score 5.9
Exploits 0 · References 1
CNNVD
added 2023/06/07 12:0 a.m. · 4 views

Delta Electronics DOPSoft Security Vulnerability

Delta Electronics DOPSoft is a set of human machine interface (HMI) software from Delta Electronics Taiwan, China. A security vulnerability exists in Delta Electronics DOPSoft version 1.0.0.4 and prior versions, which stems from susceptibility to a stack-based buffer overflow. An attacker can explo...

CVSS 7.8 · AI score 8.2 · EPSS 0.00088
Exploits 0 · References 2
ATTACKERKB
added 2023/06/01 2:15 a.m. · 1 view

CVE-2023-29154

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page...

CVSS 7.2 · AI score 6.1 · EPSS 0.03557
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/06/01 2:15 a.m. · 2 views

CVE-2023-28657

Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user...

CVSS 8.8 · AI score 7.3 · EPSS 0.00483
Exploits 0 · References 3
OSV
added 2023/06/01 2:15 a.m. · 3 views

CVE-2023-29154

SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page...

CVSS 7.2 · AI score 6
Exploits 0 · References 3
CNNVD
added 2023/05/31 12:0 a.m. · 3 views

Contec CONPROSYS HMI System SQL Injection Vulnerability

Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which originates from the presence of SQL injection...

CVSS 7.2 · AI score 7.7 · EPSS 0.03557
Exploits 0 · References 5