Denial of Service Vulnerability in Multiple Siemens Products (CNVD-2018-06025)

The SIMATIC CP 343-1 Advanced is an Ethernet communication module that supports PROFINET, the new generation of automation bus standards based on industrial Ethernet technology. 1500 is a programmable logic controller. A denial of service vulnerability exists in several Siemens products. An...

The vulnerability of the programmable logic controller S7-SoftPLC, related to the output of operations beyond the buffer in memory, allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the programmable logic controller S7-SoftPLC arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

Eaton ELCSoft Out-of-Bounds Access Remote Code Execution Vulnerability

The Eaton ELCSoft programmable logic control software runs on a PC and can help configure the ELC controller. An out-of-bounds access remote code execution vulnerability exists in Eaton ELCSoft, where memory access exceeds the end of the allocation buffer due to the program process failing to...

Eaton ELCSoft DEV File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

The Eaton ELCSoft programmable logic control software runs on a PC and can help configure the ELC controller. An out-of-bounds write remote code execution vulnerability exists in Eaton ELCSoft, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities: Predictable Value Range from Previous Values; Reusing a Nonce, Key Pair in Encryption; Information Exposure; Improper Restriction ...

The vulnerability of the embedded software of the programmable logic controller OVEEN PLK110 allows a intruder to perform overwriting of the system’s memory space.

The vulnerability of the embedded software of the OVEEN PLK110 programmable logic controller is related to the existence of an undocumented capability in the write commands. Exploiting this vulnerability allows a malicious actor to perform overwrites in the system’s memory space writing data to a...

The vulnerability of the embedded software of the programmable logic controller OVEEN PLK110 allows a intruder to overwrite data stored in the stack or execute arbitrary code.

The vulnerability of the embedded software of the OVEEN PLC110 programmable logic controller lies in the lack of checks for the length of the file name during the generation of the error message when processing a read or write request for the file. This leads to buffer overflows in the stack...

Schneider Electric Model TSXP572634M PLC Bypasses Certification Vulnerability

Schneider Electric Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. When the configuration software is connected to the PLC, all computers that are successfully connected to the P...

Siemens S7300/400 PLC has a Privilege Bypass Downtime Vulnerability

The Siemens S7300/400 PLC is a modular general-purpose controller from Siemens for the manufacturing industry. A privilege bypass downtime vulnerability exists in the Siemens S7300/400 PLC. An attacker can exploit the vulnerability by sending a specific message to change the PLC from the RUN stat...

Panasonic FPWIN Pro Buffer Overflow Vulnerability (CNVD-2016-03215)

Panasonic FPWIN Pro is a set of programming software for all FP series PLCs Programmable Logic Controllers from Panasonic. A buffer overflow vulnerability exists in Panasonic FPWIN Pro, which can be exploited by remote attackers to crash the program...

Panasonic FPWIN Pro Buffer Overflow Vulnerability

Panasonic FPWIN Pro is a set of programming software for all FP series PLCs Programmable Logic Controllers from Panasonic. A buffer overflow vulnerability exists in Panasonic FPWIN Pro, which can be exploited by an attacker to overwrite heap memory and crash the program...

Vulnerability of the microprogramming software for Micrologix 1100 and 1400 programmable logic controllers, allowing attackers to execute arbitrary SQL commands

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 lies in the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller allows a remote intruder to execute any desired code.

The vulnerability of the microprogrammed software of Schneider Electric’s Modicon M340 programmable logic controller is due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to inject JavaScript code into the device remotely...

The vulnerability of the microprogramming software of Siemens Simatic S7-1200 programmable logic controllers allows a intruder to perform inter-site fraudulently by manipulating requests.

The software of the programmable logic controller Simatic S7-1200 contains a vulnerability in its built-in server port 80 TCP and port 443 TCP. Exploiting this vulnerability allows for inter-site request forgery attacks...

Siemens SIMATIC S7-1200 Open Redirect Vulnerability

The Siemens SIMATIC S7-1200 is a modular PLC controller. An open redirection vulnerability exists in integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware prior to version 4.1, which allows remote attackers to redirect a user to an arbitrary web site via an unspecified vector...

Patch Available for Schneider Electric Serial Modbus Driver

Schneider Electric, a leading provider of industrial control systems, recently patched a remotely exploitable vulnerability in a driver found in 11 of its products. The Industrial Control Systems Computer Emergency Response Team ICS-CERT released an advisory yesterday alerting users to the...

Stuxnet 3.0 to be possibility released at MalCon?

Stuxnet 3.0 to be possibility released at MalCon? Malware coders and security researchers are increasingly looking at MalCon malware convention to show-off their latest creations and research. We were pretty shocked to see in a twitter update today from MalCon, that one of the research paper...

Stuxnet Source Code Released Online - Download Now

Stuxnet Source Code Released Online - Download Now Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that crackers have targeted industrial systems,it is the first discovered malware that spies on an...