CVE-2021-22792

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU par...

CVE-2022-31205

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication...

OpenPLC_V3 (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in the alteration of PLC settings or the upload of malicious programs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVE-2025-11782

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses “sprintf” to format a string that includes the user-controlled input of 'GetParametermeter' in the fixed-size buffer 'acStack4c' 64 bytes without checking the length. An attacker c...

CVE-2025-11778 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'readpacket' function of the TACACSPLUS implementation...

PT-2025-48677

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

EUVD-2020-17399

Malware in sbrugna...

EUVD-2014-2292

Malware in sbrugna...

EUVD-2019-2657

Malware in sbrugna...

EUVD-2019-8057

Malware in sbrugna...

EUVD-2019-8061

Malware in sbrugna...

EUVD-2018-19545

Malware in sbrugna...

EUVD-2021-21256

Malware in sbrugna...

CVE-2022-2791

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC...

CVE-2020-18753

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet...

CVE-2024-50954

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network LAN, sending a specific Modbus message to the controller can cau...

CVE-2024-50954

The CVE-2024-50954 issue affects XINJE XL5E-16T and XD5E-24R-E PLCs running V3.5.3b–V3.7.2a. The root cause is a vulnerability in Modbus message handling over a TCP LAN connection, which can crash the controller and disrupt operation, evidenced by the ERR indicator lighting and RUN indicator turn...

CVE-2023-22807 CVE-2023-22807

LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...

CVE-2021-37205

CVE-2021-37205 affects Siemens SIMATIC Drive Controller family and related devices (Drive Controller, ET 200SP Open Controller CPU 1515SP PC2, S7-1200/1500 families, S7-PLCSIM Advanced, TIM 1531 IRC). The issue is a memory-management flaw (MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME) that ...