Fuji Electric Monitouch V-SFT 安全漏洞

Fuji Electric Monitouch V-SFT is a HMI software from Fuji Electric. A code execution vulnerability exists in Fuji Electric Monitouch V-SFT that originates from susceptibility to type confusion and can be exploited by an attacker to cause a system crash or execute arbitrary code...

Fuji Electric Monitouch V-SFT Buffer Overflow Vulnerability

Fuji Electric Monitouch V-SFT is a human-machine interface HMI configuration software developed by Fuji Electric, which is mainly used in industrial automation, providing touch screen interface design, PDF document viewing, video playback, alarm messages and other functions. Fuji Electric Monitou...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

FATEK FvDesigner 安全漏洞

FATEK FvDesigner is a hardware device from the Chinese company Yonghong Electric FATEK. It provides a human-machine interface. A security vulnerability exists in FATEK FvDesigner that originates from not properly initializing a pointer before accessing it. An attacker can exploit the vulnerabilit...

FATEK FvDesigner 安全漏洞

FATEK FvDesigner is a hardware device from the Chinese company Yonghong Electric FATEK. It provides a human-machine interface. A security vulnerability exists in FATEK FvDesigner that stems from a lack of proper validation of user-supplied data. An attacker can exploit the vulnerability to execut...

Inductive Automation Ignition 安全漏洞

Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA data acquisition and monitoring systems, HMI human machine interface, etc. Ignition is a Fedora CoreOS and RHEL CoreOS utility for manipulating disks duri...

PT-2024-21906 · Extreme · Extremexos

Name of the Vulnerable Software and Affected Versions: Extreme XOS versions 22.6.1.4 and earlier Description: A read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI. Recommendations: For Extreme XOS versions...

CVE-2024-27453

In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface MMI...

Inductive Automation Ignition 安全漏洞

Inductive Automation Ignition is an integrated software platform for SCADA systems from Inductive Automation, USA. The platform supports SCADA Data Acquisition and Monitoring Systems, HMI Human Machine Interface, and more. A security vulnerability exists in Inductive Automation Ignition that stem...

CVE-2024-27453

Summary: CVE-2024-27453 affects Extreme XOS up to version 22.6.1.4. A read-only user can escalate to root by sending a crafted HTTP POST to the Machine-to-Machine Interface (MMI) Python method. This is a network-accessible vulnerability with no user interaction required. Affected software/area: E...

FATEK FvDesigner 安全漏洞

FATEK FvDesigner is a hardware device from the Chinese company Yonghong Electric FATEK. It provides a human-machine interface. A security vulnerability exists in FATEK FvDesigner that stems from a lack of proper validation of user-supplied data. An attacker can exploit the vulnerability to execut...

The vulnerability of the AutomationDirect C-MORE EA9 HMI software’s microprogramming system, related to unencrypted storage of critical information, allows a intruder to gain unauthorized access to protected data.

The vulnerability of the Microprogrammed Control Panel Software of AutomationDirect C-MORE EA9 HMI relates to the unencrypted storage of critical information. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to industrial control system ICS devices, including programmable logic controllers PLCs and human machine interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family that...

The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to execute arbitrary code.

The vulnerability of the Delta Industrial Automation DOPSoft software for designing human-machine interfaces lies in the copying of buffers without checking the size of input data during syntax analysis of the wKPFStringLen field. Exploiting this vulnerability allows a malicious actor to execute...

Delta Electronics DOPSoft Security Vulnerability

Delta Electronics DOPSoft is a Human Machine Interface HMI software from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics DOPSoft that originates from a buffer overflow vulnerability when parsing the wMailContentLen field of a DPS file...

Delta Electronics DOPSoft Security Vulnerability

Delta Electronics DOPSoft is a Human Machine Interface HMI software package from Delta Electronics, a Taiwan, China-based company. A security vulnerability exists in Delta Electronics DOPSoft that stems from a buffer overflow vulnerability...

Delta Electronics DOPSoft Security Vulnerability

Delta Electronics DOPSoft is a set of Human Machine Interface HMI software from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics DOPSoft that originates from a buffer overflow vulnerability when parsing the wKPFStringLen field of a DPS file...

CVE-2023-50466

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...

Weintek cMT security breach

Weintek cMT is a Human Machine Interface application from Weintek. A security vulnerability exists in Weintek cMT that stems from the presence of an authenticated command injection vulnerability that allows an attacker to execute arbitrary code or access sensitive information by injecting a craft...