15 matches found
EUVD-2013-0674
Malware in sbrugna...
isf
This is a Python-based exploitation framework called ISF (Industrial Exploitation Framework) that is similar to Metasploit. It is designed for industrial control system (ICS) exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...
CVE-2013-2761
The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client...
CVE-2021-32986 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 are unlocked by an authorized user, the unlocked state does not time out. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...
Schneider Electric Modicon Cross-Site Request Forgery (CVE-2013-0663)
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...
Multiple Schneider Electric Modicon PLC Modules Directory Traversal
Binary data 37.prm...
Multiple Schneider Electric Modicon PLC Modules Directory Traversal
Binary data 7154.pasl...
Schneider Electric PLCs Vulnerabilities
OVERVIEW (Begin Update B, Part 1 of 2): This updated advisory is a follow-up to the previous advisory update titled ICSA-13-077-01A Schneider Electric PLCs Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page. It is also a follow-up to the updated...
CVE-2013-0664
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
CVE-2013-0663
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...
Code injection
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...
CVE-2013-2763
The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny...
CVE-2013-0663
CVE-2013-0663 affects Schneider Electric Modicon M340, Quantum 140NOE7711x/140NWM10000, and Premium TSXETY4103/5103/TSXWMY100 PLC modules. The vulnerability is a Cross-Site Request Forgery (CSRF) in the web server interface that permits remote attackers to hijack user authentication and issue com...
CVE-2013-0664
CVE-2013-0664 affects Schneider Electric Modicon PLCs (Quantum 140NOE77111, 140NWM10000, M340 BMXNOE0110x, Premium TSXETY5103). The vulnerability arises in the FactoryCast feature: remote authenticated users can embed Modbus messages in SOAP HTTP POST requests, enabling arbitrary code execution o...