Siemens S7-200 SMART series uses unsafe random value vulnerability

The S7-200 SMART series is a series of miniature programmable logic controllers that control a variety of small automation applications. A use of insecure random values vulnerability exists in the Siemens S7-200 SMART series, which can be exploited by an attacker to create a denial of service...

Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the application software interface of the microprogramming system for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the application software interface for Microprogramming Systems, AutomationDirect P3-550E, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the CurrDir component in the microprogramming software for programmable logic controllers AutomationDirect P3-550E allows a intruder to trigger a service failure.

The vulnerability of the CurrDir component in the AutomationDirect P3-550E programmable logic controllers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

AutomationDirect P3-550E Access Control Error Vulnerability

The AutomationDirect P3-550E is a programmable control system PLC from AutomationDirect USA. An access control error vulnerability exists in AutomationDirect P3-550E version 1.2.10.9, which can be exploited by an attacker to cause arbitrary writes by sending specially crafted network packets...

AutomationDirect P3-550E Out-of-Bounds Write Vulnerability

The AutomationDirect P3-550E is a programmable control system PLC from AutomationDirect USA. An out-of-bounds write vulnerability exists in AutomationDirect P3-550E version 1.2.10.9, which can be exploited by an attacker to cause a denial of service via specially crafted network packets...

kernel: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL

In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQLEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code...

AutomationDirect P3-550E 安全漏洞

The AutomationDirect P3-550E is a programmable control system PLC from AutomationDirect USA. A security vulnerability exists in AutomationDirect P3-550E version 1.2.10.9. An attacker has exploited the vulnerability to cause a stack-based buffer overflow via specially crafted network packets...

The vulnerability of the FTP-server software of the Yokogawa FA-M3 programmable logic controller allows a intruder to trigger a service failure.

The vulnerability of the FTP server software of the Yokogawa FA-M3 programmable logic controller is related to the exhaustion of the connection limits. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to industrial control system ICS devices, including programmable logic controllers PLCs and human machine interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family that...

Siemens SCALANCE W700产品系列安全漏洞

Siemens SCALANCE is a series of Ethernet switches from Siemens, Germany. It connects to Industrial Control System ICS devices, including Programmable Logic Controllers PLCs and Human Machine Interface HMI systems. A security vulnerability exists in the Siemens SCALANCE W700 product family, which...

Malicious code in programmablesearchengine (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e202ed286f9758737c48d4cf1c30f0ece100c6433edd1076e9548baa6a2373d6 The OpenSSF Package Analysis project identified 'programmablesearchengine' @ 99.2.0 npm as malicious. It is considered malicious because: - The...

The vulnerability of the microprogramming software for UniLogic Studio series UniStream’s programmable logic controllers arises from incorrect restrictions on the path name to the restricted-access directory. This allows attackers to execute arbitrary code.

The vulnerability of the microprogramming software for UniLogic Studio programmable logic controllers of the UniStream series is related to an incorrect limitation on the path name of the restricted access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...

The vulnerability of the microprogramming software for UniLogic Studio programmable logic controllers of the UniStream series, related to deficiencies in authentication procedures, allows attackers to circumvent security restrictions.

The vulnerability of the microprogramming software for UniLogic Studio series UniStream is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to circumvent security restrictions remotely...

Unitronics Unistream Unilogic Data Forgery Issue Vulnerability

Unitronics Unistream Unilogic is an integrated controller software platform from Unitronics for developing and programming the Unistream family of programmable logic controllers PLCs. A security vulnerability exists in Unitronics Unistream Unilogic versions prior to 1.35.227, which stems from the...

DEBIAN-CVE-2021-47055

In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR...

UBUNTU-CVE-2021-47055

In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR...