888 matches found
The vulnerability of microprogrammed software in Mitsubishi Electric’s M800V/M80V Series, M800/M80/E80 Series, C80 Series, and M700V/M70V/E70V Series programmable logic controllers is related to incorrect input of configuration data. This vulnerability allows a malicious actor to cause malfunctions during maintenance operations.
The vulnerability of microprogrammed software in Mitsubishi Electric’s M800V/M80V Series, M800/M80/E80 Series, C80 Series, M700V/M70V/E70 Series programmable logic controllers is related to incorrect input of configuration data. Exploiting this vulnerability can allow an attacker, operating...
The vulnerability of the microprogrammed logic controller (PLC) Advantech ADAM-5630 software, which stems from the use of weak encryption algorithms, allows a hacker to expose user account information.
The vulnerability of the microprogrammed logic controller PLC Advantech ADAM-5630 software is related to the use of weak encryption algorithms. Exploiting this vulnerability could allow an intruder to obtain user credentials...
CVE-2024-27458
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support...
CVE-2024-27458 HP Hotkey Support – Escalation of Privilege
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support...
CVE-2024-27458
HP Hotkey Support is affected by a local privilege escalation vulnerability (CVE-2024-27458). The HP advisory HPSBHF03977 indicates mitigation via updates to HP Hotkey Support for affected platforms; Nessus notes the vulnerability in versions prior to 8.10.42.190. HP Programmable Key users are sp...
JTEKT Kostac PLC Programming Software Security Vulnerability
JTEKT Kostac PLC Programming Software is a PLC programmer software for personal computers from JTEKT Japan. A security vulnerability exists in JTEKT Kostac PLC Programming Software version 1.6.14.0 and earlier versions, which originates from allowing out-of-bounds writes to memory...
Advantech ADAM-5550 Cross-Site Scripting Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from a cross-site scripting vulnerability that stems from the device failing to properly eliminate malicious code when parsing HTTP requests to generate page output. An attacker can...
Advantech ADAM-5550 Information Disclosure Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from an information disclosure vulnerability due to a flaw in base64 encoding for sharing user credentials. An attacker can exploit this vulnerability to obtain credential informatio...
ALPINE-CVE-2024-45817
In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector, which generates an error...
PT-2024-30295 · Automationdirect · Directlogic H2-Dm1E +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a session hijacking attack targeting the application layer's control mechanism. This mechanism manages authenticated sessions between...
PT-2024-37920 · Unknown · Oscat Basic Library
Name of the Vulnerable Software and Affected Versions: OSCAT Basic Library (affected versions not specified). Description: The issue is an Out-of-Bounds read vulnerability that allows a local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected...
CODESYS OSCAT Basic Library Buffer Error Vulnerability
CODESYS OSCAT Basic Library is an open source library from CODESYS Corporation, known as the Open Source Community for Automation Technology. A buffer error vulnerability exists in CODESYS OSCAT Basic Library versions prior to 3.3.5, which stems from the presence of an out-of-bounds read...
CVE-2024-41716
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate...
Allen-Bradley's Legacy Protocol (PCCC) Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoS Exploitation of Allen-Bradley's Legacy Protocol PCCC", 'Description' = %q A remote, unauthenticated attacker could send a single, specially...
WindLDR and WindO/I-NV4 store sensitive information in cleartext
Overview: PLC programming software "WindLDR" and Operator Interfaces' Touchscreen Programming Software "WindO/I-NV4" provided by IDEC Corporation store sensitive information in cleartext form (CWE-312). Yuki Meguro of Toinx Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
CVE-2024-23908
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
The vulnerability of microprogrammed logic controllers from Unitronics Vision PLC, related to incorrect handling of exceptional states, allows an intruder to trigger a malfunction in maintenance operations.
The vulnerability of microprogrammed logic controllers from Unitronics Vision PLC lies in the improper handling of exceptional states. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system remotely...
The vulnerability of the access control mechanism in Siemens LOGO programmable logic controllers allows an intruder to execute arbitrary commands.
The vulnerability of the access control mechanism in Siemens LOGO programmable logic controllers is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, CompactGuardLogix 5380, and 1756-EN4TR lies in insufficient validation of input data. This allows a malicious actor to trigger malfunctions during maintenance operations.
The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, Compact GuardLogix 5380, and 1756-EN4TR is related to insufficient validation of input data. Exploiting this vulnerability can allow an...