WebAccess/HMI Designer suffers from a denial of service vulnerability (CNVD-2021-24692)

WebAccess/HMI Designer is an integrated human-machine interface development tool. A denial of service vulnerability exists in WebAccess/HMI Designer, which can be exploited by an attacker to cause a denial of service...

Rusavtomatika Weintek EasyWeb cMT 代码注入漏洞

Rusavtomatika Weintek EasyWeb cMT is an application platform of the Russian company Rusavtomatika. It is used to configure the parameters of the human-machine interface. A code injection vulnerability exists in Rusavtomatika Weintek EasyWeb cMT that allows an unauthenticated, remote attacker to...

WebAccess/HMI Designer suffers from a denial of service vulnerability (CNVD-2021-24693)

WebAccess/HMI Designer is an integrated human-machine interface development tool. A denial of service vulnerability exists in WebAccess/HMI Designer, which can be exploited by an attacker to cause a denial of service...

Scalance X Products Hard-Coded Encryption Key Vulnerability

SCALANCE X is a switch for connecting industrial components such as programmable logic controllers plc or human machine interfaces HMIs. The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...

DOPSoft Out-of-Bounds Write Vulnerability

DOPSoft is a Human Machine Interface HMI programming software from Delta Electronics. DOPSoft 4.0.8.21 and earlier versions suffer from an out-of-bounds write vulnerability when handling project files. An attacker could exploit this vulnerability to execute arbitrary code...

Apache Flink Arbitrary File Read Vulnerability

Apache Flink is efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file read vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability to...

Apache Flink 安全漏洞

Apache Flink is efficient and distributed general purpose data processing platform. Apache Flink products have an arbitrary file read vulnerability that can be exploited by an attacker to read sensitive files on the server and with the help of hard-coded credentials exploit the vulnerability to...

dll hijacking vulnerability in EasyAccess 2.0 (Windows Client) of Taiwan Virent Technology Co.

EasyAccess2.0 is a HMI remote access tool produced by VelenTouch, which allows you to remotely access machines and equipment thousands of miles away from any place, to realize remote monitoring of HMI and remote penetration of PLC controllers, to complete the status of the monitoring and program...

The vulnerabilities in the VMCI drivers of VMware ESXi, VMware Workstation, and VMware Fusion allow attackers to cause system failures.

The vulnerability of VMCI drivers in hypervisor graphics of VMware ESXi, VMware Workstation, and VMware Fusion is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a attacker to cause service failures...

ARC Informatique PcVue Information Disclosure Vulnerability

Pcvue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets.PcVue is used in a wide range of applications including industrial control, building management, energy management, smart grid, energy distribution,...

Vulnerabilities discovered in HMI Panels

Because SIMATIC HMI panels do not properly handle repeated login attempts correctly, they are susceptible to Brute-force attacks. A malicious party can use them to retrieve user names and passwords find out and thus issue random commands with permissions from the affected user account. To exploit...

Advantech WebAccess HMI Designer Type Obfuscation Vulnerability

Advantech WebAccess HMI Designer is an integrated HMI development tool from Advantech, Taiwan, China. The product is equipped with features such as data transfer, menu editing and text editing. A type confusion vulnerability exists in Advantech WebAccess HMI Designer version 2.1.9.31 and prior...

Memory Corruption Vulnerability in DOP-B Series HMI Software at Delta Electronics Enterprise Management (Shanghai) Co.

Delta Electronics Enterprise Management Shanghai Co., Ltd. was established in December 2003, and its business scope includes the fields of computer, software, information, communication, network, electromechanics and optoelectronics. A memory corruption vulnerability exists in the DOP-B series HM...

Denial of Service Vulnerability in Advantech WebAccess Node

Advantech WebAccess Node is a fully Internet Explorer based HMI/SCADA monitoring software. A heap overflow vulnerability exists in Advantech WebAccess Node that could lead to a denial of service...

Advantech WebAccess Node Buffer Overflow Vulnerability (CNVD-2020-32232)

Advantech WebAccess browser-based HMI and SCADA software. A buffer overflow vulnerability exists in Advantech WebAccess Node, which can be exploited by an attacker to remotely execute code...

Inductive Automation Ignition Code Issue Vulnerability (CNVD-2020-34643)

Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA data acquisition and monitoring systems, HMI human machine interface and more. A code issue vulnerability exists in Inductive Automation Ignition...

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

Memory Corruption Vulnerability in Taian Technology AT Upper (AT HMI System) (CNVD-2020-22760)

Ltd. is a wholly foreign owned enterprise established in China on July 1, 2000 by Antai International Investment Singapore Pte Ltd, a subsidiary of TECO Group, a renowned Taiwanese multinational corporation. The memory corruption vulnerability exists in Taiwan Security Technology's AT Upper Unit ...

Memory Corruption Vulnerability in Taiwan Security Technology AT Upper Unit (AT HMI System)

Ltd. is a wholly foreign owned enterprise established in China on July 1, 2000 by Antai International Investment Singapore Pte Ltd, a subsidiary of TECO Group, a renowned Taiwanese multinational corporation. A memory corruption vulnerability exists in Taiwan Security Technology's AT Upper Unit AT...

Pen Testing Ships. A year in review

Partially driven by the upcoming inclusion of Cyber Security by the IMO International Maritime Organisation, 2019 was a really busy year for maritime security testing at PTP. What can we all learn from a year of evaluating the security of ships? We’ve been involved in all sorts of ship testing,...