Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-28252)

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. This plugin only works with Tenable.ot. Please visit...

ABB M2M Gateway Heap Overflow in embedded Zlib (CVE-2022-37434)

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

ABB M2M Gateway Use-After-Free in embedded Linux Kernel (CVE-2023-32233)

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. This plug...

ABB M2M Gateway Out-Of-Bound Read/Write in embedded Linux Kernel (CVE-2023-35001)

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network namespace This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

ABB M2M Gateway Use-After-Free in embedded Libexpat (CVE-2022-40674)

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503230;...

Configuration Change Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

Device Mode Transition Detected (Critical)

The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations. This plugin only works with Tenable.ot. Please visit...

Device Mode Transition Detected (Medium)

The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations. This plugin only works with Tenable.ot. Please visit...

Device Status Query Detected (Medium)

A status query has been sent to the device, which might indicate a reconnaissance activity. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503183...

Device Status Modification Detected (Low)

Changes in the controller state can stop operations altogether or start an operation that should not have been started. These operations can be used by an attacker to disrupt normal operation, cause production losses, or create safety concerns. This plugin only works with Tenable.ot. Please visit...

Device Mode Transition Detected (Low)

The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations. This plugin only works with Tenable.ot. Please visit...

Controller Code Modification Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

Controller Code Modification Detected (Critical)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

Device Status Query Detected (High)

A status query has been sent to the device, which might indicate a reconnaissance activity. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503184...

Firmware Version Change Detected (High)

Changes in the controller firmware represent a major change in the behavior of the device and usually cause a temporary interruption of operations. An attacker could use firmware changes to add malicious code to the controller, causing it to perform harmful operations which are hard to detect. Th...

Firmware Version Change Detected (Medium)

Changes in the controller firmware represent a major change in the behavior of the device and usually cause a temporary interruption of operations. An attacker could use firmware changes to add malicious code to the controller, causing it to perform harmful operations which are hard to detect. Th...

Siemens SIMATIC S7-1500 TM MFP Buffer Access with Incorrect Length Value (CVE-2024-42154)

In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: validate source addr length I don't see anything checking that TCPMETRICSATTRSADDRIPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all neither does it for IPv6 but v6 is manual...

Siemens SIMATIC S7-1500 TM MFP Double Free (CVE-2024-41046)

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times. This plugin only works with Tenable.ot. Please...

Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-6564)

Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREECTX request. This plugin only works...

Siemens SIMATIC Devices Linux Kernel Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CVE-2022-41850)

roccatreportevent in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-value is in progress. This plugin only works with Tenable.ot. Please visit...