CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements

An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible...

A Multi-Layered Embedded Intrusion Detection Framework for Programmable Logic Controllers

Industrial control system ICS operations use trusted endpoints like human machine interfaces HMIs and workstations to relay commands to programmable logic controllers PLCs. Because most PLCs lack layered defenses, compromise of a trusted endpoint can drive unsafe actuator commands and risk...

EUVD-2017-16872

Malware in sbrugna...

EUVD-2017-16873

Malware in sbrugna...

ICSLure: a Very High Interaction Honeynet for PLC-Based Industrial Control Systems

The security of Industrial Control Systems ICSs is critical to ensuring the safety of industrial processes and personnel. The rapid adoption of Industrial Internet of Things IIoT technologies has expanded system functionality but also increased the attack surface, exposing ICSs to a growing range...

CVE-2024-50954

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network LAN, sending a specific Modbus message to the controller can cau...

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

CVE-2019-10953

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets...

CISA: Key Secure by Demand Elements for Operational Technology Fact Sheet

This fact sheet addresses key elements for operational technology OT owners and operators to consider when purchasing digital products that automate physical processes, e.g. programmable logic controllers PLCs, human-machine interfaces HMIs, and remote terminal units RTUs. CISA strongly advises...

Rockwell Automation GuardLogix 5580和Rockwell Automation GuardLogix 5380 安全漏洞

The Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380 are both programmable logic controllers from Rockwell Automation. A security vulnerability exists in the Rockwell Automation GuardLogix 5580 and Rockwell Automation GuardLogix 5380. An attacker could exploit this...

WAGO 750-8xx 安全漏洞

The WAGO wago 750-8xx is a series of programmable logic controllers from the German company WAGO. The devices are specifically designed for applications in industrial environments where digital algorithms operate electronic systems. A security vulnerability exists in the WAGO 750-8xx that stems...

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow Code Execution Vulnerability

Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments developed by Fuji Electric Japan for collecting real-time data from PLCs, temperature controllers, inverters and other devices. Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow...

Siemens S7-200 SMART series uses unsafe random value vulnerability

The S7-200 SMART series is a series of miniature programmable logic controllers that control a variety of small automation applications. A use of insecure random values vulnerability exists in the Siemens S7-200 SMART series, which can be exploited by an attacker to create a denial of service...

Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to industrial control system ICS devices, including programmable logic controllers PLCs and human machine interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family that...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to Industrial Control System ICS devices, including Programmable Logic Controllers PLCs and Human Machine Interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family, which...

Unitronics Unistream Unilogic Data Forgery Issue Vulnerability

Unitronics Unistream Unilogic is an integrated controller software platform from Unitronics for developing and programming the Unistream family of programmable logic controllers PLCs. A security vulnerability exists in Unitronics Unistream Unilogic versions prior to 1.35.227, which stems from the...

VulnCheck KEV: CVE-2023-6448

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands...

Siemens SCALANCE 安全漏洞

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

Siemens SCALANCE 资源管理错误漏洞

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...