PT-2025-83: Improper permission assignment to a critical resource in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. Exploitation of the vulnerability allows an attacker with administrative permissions in a restricted environment to execute arbitrary code in the operating system and escalate thei...

Allen-Bradley's Legacy Protocol (PCCC) Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoS Exploitation of Allen-Bradley's Legacy Protocol PCCC", 'Description' = %q A remote, unauthenticated attacker could send a single, specially...

AutomationDirect P3-550E 安全漏洞

The AutomationDirect P3-550E is a programmable control system PLC from AutomationDirect USA. A security vulnerability exists in AutomationDirect P3-550E version 1.2.10.9. An attacker has exploited the vulnerability to cause a stack-based buffer overflow via specially crafted network packets...

CVE-2023-2993

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...

CVE-2023-2992

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server...

Omron PLC CJ series 访问控制错误漏洞

The Omron PLC CJ series is a CJ series programmable logic controller PLC from Omron Japan. An Access Control Error vulnerability exists in Omron CJ1M PLC v4.0 and earlier versions, which arises from incorrect access control to a memory area where the UM password is stored...

Omron CP1L-EL20DR-D 安全漏洞

The Omron CP1L-EL20DR-D is a programmable controller from Omron Japan. A security vulnerability exists in the Omron CP1L-EL20DR-D. An attacker could exploit the vulnerability to cause unspecified commands in the FINS protocol to be executed without authentication...

多款WAGO产品安全漏洞

WAGO Series PFC100 and others are products of WAGO, Germany.WAGO Series PFC100 is a programmable logic controller.WAGO Compact Controller CC100 is a compact controller.WAGO Edge Controller is an edge controller. A security vulnerability exists in the WAGO Series PFC100/PFC200, Series Touch Panel...

Emerson ControlWave 数据伪造问题漏洞

Emerson ControlWave is a highly programmable controller from Emerson Electric U.S. that combines the unique capabilities of a Programmable Logic Controller PLC and a Remote Terminal Unit RTU into a hybrid controller. A data forgery vulnerability exists in all versions of Emerson ControlWave, whic...

Unspecified vulnerability in IDEC PLC (CNVD-2022-02761)

The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that can be exploited by an attacker to obtain user credentials from a file server, a backup repository, or a ZLD file saved on an SD card...

Allen Bradley Micrologix 1100 Input Validation Error Vulnerability

The Allen Bradley Micrologix 1100 is a programmable controller for industrial environments from Allen Bradley of the Netherlands. The device supports Ethernet access, online editing for monitoring and programming, an embedded Web server for controlling the device via a Web page, and an embedded L...

Mitsubishi Electric MELSEC iQ-R Series (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Schneider Electric Modicon M221 加密问题漏洞

The Modicon TM221 is a programmable controller for single device control architecture from Schneider Electric China Co. An information disclosure vulnerability exists in the Modicon TM221 from Schneider Electric China Ltd. that can be exploited by an attacker to obtain sensitive information...

Denial of Service Vulnerability in Omron Small PLC Series CP1L (CNVD-2020-58493)

CP1L is Omron's compact PLC series, an all-in-one PLC with built-in pulse output, analog input/output, and serial communication functions. A denial of service vulnerability exists in Omron Small PLC Series CP1L, which can be exploited by attackers to cause a device connection to be interrupted...

Denial of Service Vulnerability in NA400 of Nanda Aotuo Technology Jiangsu Co.

The NA400 is a programmable controller. A denial of service vulnerability exists in the NA400 of Nanda Aotuo Technology Jiangsu Co. An attacker can cause a denial of service to the device by continuously sending specific packets...

MITSUBISHI PLC suffers from denial of service vulnerability (CNVD-2019-37109)

MITSUBISHI PLC is a programmable controller product of Mitsubishi Electric Japan. A denial of service vulnerability exists in MITSUBISHI PLC, which can be exploited by an attacker to cause a denial of service...

MITSUBISHI PLC suffers from denial of service vulnerability (CNVD-2019-30335)

MITSUBISHI PLC is a programmable controller product of Mitsubishi Electric Japan. A denial of service vulnerability exists in MITSUBISHI PLC, which can be exploited by an attacker to cause a denial of service...

NA300 PLC has an unauthorized operation vulnerability

The NA300 PLC is a mid-size programmable controller. An unauthorized operation vulnerability exists in the NA300 PLC. An attacker can exploit the vulnerability to remotely tamper with the MAIN program in the PLC...

Allen Bradley Micrologix 1400 Series B FRN Access Control Vulnerability (CNVD-2018-08278)

Allen Bradley Micrologix 1400 Series B FRN is a programmable logic controller from Rockwell Automation. An access control vulnerability exists in the data, program, and function file permissions functions in the Allen Bradley Micrologix 1400 Series B FRN 21.2 and earlier. An attacker could exploi...

Schneider Electric Modicon PLC Multiple Authentication Bypass Vulnerability

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A multiple authentication bypass vulnerability exists in the Schneider Electric Modicon PLC, where once a session key is obtained for plaintext transmission, an attacker can...