Siemens SCALANCE 安全漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...

mySCADA myPRO 操作系统命令注入漏洞

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

Wecon Technologies LeviStudioU 缓冲区错误漏洞

Wecon Technologies LeviStudioU is a suite of HMI programming software from China's Wecon Technologies. A security vulnerability exists in WECON LeviStudioU, which can be exploited by attackers to remotely execute code...

mySCADA myPRO 操作系统命令注入漏洞

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

Wecon Technologies LeviStudioU 缓冲区错误漏洞

Wecon Technologies LeviStudioU is a set of human-machine interface programming software from Wecon Technologies China. A security vulnerability exists in Wecon Technologies LeviStudioU, which can be exploited by attackers to execute code...

Mitsubishi Electric Got 输入验证错误漏洞

Mitsubishi Electric Got is an HMI touchscreen from Mitsubishi Electric Japan. An input validation error vulnerability exists in Mitsubishi Electric GOT, which can be exploited by an attacker to send malicious packets to rewrite the device and adversely affect the operation of the system...

The vulnerability of HMI/SCADA systems like xArrow arises from the possibility of running them with unverified registry keys with application-level privileges. This allows attackers to bypass existing security restrictions and enhance their privileges.

The vulnerability of HMI/SCADA systems like xArrow stems from the ability to execute commands through unverified registry keys with application-level privileges. Exploiting this vulnerability allows attackers to bypass existing security restrictions and enhance their privileges...

The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow allows attackers to perform cross-site scripting attacks.

The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

ECOA Building Automation System - Configuration Download Information Disclosure

Exploit Title: ECOA Building Automation System - Configuration Download Information Disclosure Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Configuration Download Information Disclosure Vendor: ECOA Technologies Corp. Produc...

ECOA Building Automation System Directory Traversal Vulnerability

ECOA building automation systems suffer from directory traversal vulnerability that allows for content disclosure. Many versions are affected. ECOA Building Automation System Directory Traversal Content Disclosure Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...

ECOA Building Automation System Path Traversal / Arbitrary File Upload Vulnerabilities

ECOA building automation systems suffer from path traversal and arbitrary file upload vulnerabilities. Many versions are affected. ECOA Building Automation System Path Traversal Arbitrary File Upload Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA E...

ECOA Building Automation System Path Traversal Arbitrary File Upload

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

ECOA Building Automation System Missing Encryption Of Sensitive Information

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

mySCADA myPRO 路径遍历漏洞

mySCADA myPRO is a software application. myPRO is a professional HMI/SCADA system designed for the visualization and control of industrial processes. A path traversal vulnerability exists in mySCADA myPRO, which stems from a failure of the affected product to properly filter special elements in t...

Delta Electronics Industrial Automation DOPSoft 缓冲区错误漏洞

Delta Electronics Industrial Automation DOPSoft is a set of human machine interface HMI software from Delta Electronics Taiwan, China. A buffer error vulnerability exists in Delta Electronics Industrial Automation DOPSoft that stems from the affected product's susceptibility to out-of-bounds read...

CVE-2021-27383

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" incl. SIPLUS variants All versions V15.1 Update 6, SIMATIC HMI Comfort Outdoor Panels V16 7" & 15" incl. SIPLUS variants All versions V16 Update 4, SIMATIC HMI Comfort Panels V15 4" - 22" incl. SIPLUS...

Denial of Service Vulnerability in CenturyStar Configuration Software (CNVD-2021-35746)

Century Star Configuration Software is an obstruction software launched by Beijing Century Changqiu Technology Co., Ltd. is a real-time human-machine interface utility program generator, consisting of the CSMaker development system and CSViewer runtime system, the CSMaker development system is th...

Siemens Web Server缓冲区错误漏洞

Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs. A heap buffer overflow vulnerability exists in the Siemens SCALANCE X-200 web server. An attacker could exploit the vulnerability to cause a denial o...

WebAccess/HMI Designer suffers from a denial of service vulnerability (CNVD-2021-24691)

WebAccess/HMI Designer is an integrated human-machine interface development tool. A denial of service vulnerability exists in WebAccess/HMI Designer, which can be exploited by an attacker to cause a denial of service...

Rusavtomatika Weintek EasyWeb cMT 跨站脚本漏洞

Rusavtomatika Weintek EasyWeb cMT is an application platform of the Russian company Rusavtomatika. It is used to configure the parameters of the human-machine interface. A cross-site scripting vulnerability exists in Rusavtomatika Weintek EasyWeb cMT, which allows unauthenticated, remote attacker...