OpenPLC_V3 (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in the alteration of PLC settings or the upload of malicious programs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

SUSE CVE-2013-1080

The web server in Novell ZENworks Configuration Management ZCM 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a reque...

CVE-2021-37401

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVE-2021-37400

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVE-2020-10276

The password for the safety PLC is the default and thus easy to find in manuals, etc.. This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the las...

CVE-2018-7791

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this...

Schneider Electric Modicon M221 Privilege Permission and Access Control Vulnerability

The Modicon M221 is a logic controller from Schneider Electric. A privilege-granting and access-control vulnerability exists in the Schneider Electric Modicon M221 with firmware versions lower than 1.6.2.0, which can be exploited by an unauthorized user to overwrite the original password, allowin...

Schneider Electric Modicon M221 Authentication Sequence Replay Vulnerability

The Modicon M221 is a logic controller from Schneider Electric. The Schneider Electric Modicon M221 suffers from an authentication sequence replay vulnerability that can be exploited by an attacker to replay the authentication sequence, which can be used to connect to the Modicon M221 and upload...

Nmap NSE 6.01: smb-psexec

Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of system, or even installing a backdoor on a...

CVE-2002-1469

scponly does not properly verify the path when finding the 1 scp or 2 sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs...