20 matches found
EUVD-2018-13360
Malware in sbrugna...
EUVD-2024-49496
Malicious code in bioql PyPI...
EUVD-2024-49494
Malicious code in bioql PyPI...
EUVD-2024-49495
Malicious code in bioql PyPI...
CVE-2024-8936
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...
CVE-2024-8937
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...
Schneider Electric Modicon M340, MC80, and Momentum Unity M1E Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2024-8937)
Arbitrary code execution can potentially be achieved after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the authentication process. This plugin only works with Tenable.ot. Please visit...
CVE-2024-8938
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...
CVE-2024-8937
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...
CVE-2024-8936
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...
CVE-2024-8936
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...
CVE-2024-8938
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...
CVE-2024-8937
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...
CVE-2024-8937
CVE-2024-8937 affects Schneider Electric’s Modicon M340, MC80, and Momentum Unity M1E PLCs. The vulnerability is described as CWE-119: Improper restriction of operations within the bounds of a memory buffer, potentially enabling arbitrary code execution. The attack scenario reported involves a su...
PT-2024-8142 · Schneider Electric · Schneider Electric Modicon Mc80 Bmkc80 +2
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 versions affected versions not specified Schneider Electric Modicon MC80 BMKC80 versions affected versions not specified Schneider Electric Modicon Momentum Unity M1E Processor 171CBU versions affect...
Schneider Modicon Remote START/STOP Command
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Schneider Modicon Remote START/STOP Command', 'Description' = %q The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a...
Schneider Modicon Ladder Logic Upload/Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Schneider Modicon Ladder Logic Upload/Download', 'Description' = %q The Schneider Modicon with Unity series of PLCs use Modbus function code 90...
Schneider Electric Modicon M580 UMAS read memory block information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS read memory block function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of memory, resulting...
Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...
Schneider Modicon Ladder Logic Upload/Download
The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a to send and receive ladder logic. The protocol is unauthenticated, and allows a rogue host to retrieve the existing logic and to upload new logic. Two modes are supported: "SEND" and "RECV," which behave as one might...