38 matches found
EUVD-2018-19522
Malware in sbrugna...
EUVD-2017-15098
Malware in sbrugna...
EUVD-2018-19523
Malware in sbrugna...
EUVD-2020-28623
Malware in sbrugna...
EUVD-2018-19543
Malware in sbrugna...
EUVD-2017-15096
Malware in sbrugna...
EUVD-2018-19542
Malware in sbrugna...
EUVD-2018-19516
Malware in sbrugna...
EUVD-2021-9926
Malicious code in bioql PyPI...
CVE-2020-7498
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...
CVE-2019-6843
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware version prior to V3.10, Modicon M340 all firmware versions, and Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading...
Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2023-6408)
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. This plugin only works with Tenable.ot...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION...
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2022-45788)
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...
Schneider Electric Modicon PLCs Predictable Value Range From Previous Values (CVE-2017-6030)
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers PLCs that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 CVSS score: 7.5 and CVE-2022-45789 CVSS score: 8.1, are...
CVE-2020-7498
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...
Hardcoded credentials
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...
CVE-2020-7498
The CVE-2020-7498 entry concerns Schneider Electric Unity Loader and OS Loader Software (all versions) with a CWE-798 issue: the use of hard-coded credentials to simplify file transfers. This root cause means an attacker could potentially gain unauthorized access to the file transfer service used...