13 matches found
EUVD-2020-20856
Malware in sbrugna...
CVE-2021-37401
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...
XINJE XD
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity/public exploits are available Vendor: XINJE Equipment: XINJE XD Programming Tool Vulnerabilities: Relative Path Traversal, Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
CVE-2021-34606
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and...
Design/Logic Flaw
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and...
Information disclosure
A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an uplo...
CVE-2021-34606 XINJE XD/E Series PLC Program Tool DLL Hijacking
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and...
CVE-2021-34606
CVE-2021-34606 affects XINJE XD/E Series PLC Program Tool up to version 3.5.1. The issue is due to an Uncontrolled Search Path Element (DLL hijacking) that could allow an authenticated, local attacker with file-write privileges to place a malicious DLL and cause arbitrary code execution with the ...
CVE-2021-34605
CVE-2021-34605 affects XINJE XD/E Series PLC Program Tool up to version 3.5.1. A zip-slip flaw in handling a crafted project file could grant arbitrary file write, potentially enabling remote code execution, information disclosure and DoS on the tool. Affected path includes opening a malicious pr...
CVE-2021-37401
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...
Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 Incorrect Authorization Vulnerability
The Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500 are both products of Siemens, Germany. The SIMATIC S7-1500 CPU is a CPU central processing unit module. The SIMATIC S7-1500 is a programmable logic controller. A security vulnerability exists in the Siemens SIMATIC S7-1500 CPU and SIMATIC S7-1500...
CVE-2020-28397
A vulnerability has been identified in SIMATIC Drive Controller family All versions V2 V2.5 V2.5 V21.9, TIM 1531 IRC incl. SIPLUS NET variants Version V2.1. Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program...
CRITICAL CODESYS VULNERABILITIES IN WAGO PFC 200 SERIES
VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface for any application.” Source:...