888 matches found
Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
The vulnerability of the Control FPWIN Pro PLC programming software lies in the possibility of data being written outside of the buffer in memory, which allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PLC programming software Control FPWIN Pro relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of microprogrammed software in WAGO 750 programmable logic controllers, which stems from insufficient validation of input data, allows an intruder to trigger malfunctions during maintenance operations.
The vulnerability of the microprogrammed software in WAGO 750 programmable logic controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause malfunctions by using specially crafted packages...
The vulnerability of the microprogrammed software of the programmable logic controller LS ELECTRIC XBC-DN32U lies in the lack of authentication for a critical function, allowing an intruder to delete arbitrary files.
The vulnerability of the microprogrammed logic controller LS ELECTRIC XBC-DN32U lies in the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to delete arbitrary files...
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
CVE-2023-2992
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server...
PT-2023-3435 · Wago · Wago
Name of the Vulnerable Software and Affected Versions: WAGO devices affected versions not specified Description: The issue is related to insufficient input validation in the software of WAGO programmable logic controllers, which may allow an authenticated remote attacker with high privileges to...
PT-2023-20039 · Siglent · Siglent Sds 1104X-E
Name of the Vulnerable Software and Affected Versions: Siglent SDS 1104X-E version 6.1.37R9.ADS. Description: The issue is related to a Denial of Service (DoS) that can be triggered on the user interface by a malformed SCPI command. Recommendations: For Siglent SDS 1104X-E version 6.1.37R9.ADS,...
The vulnerability of the SatRLT.OS software for programmable logic controllers “Satellite-A” lies in the insecure transmission of authentication data. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the SatRLT.OS software for programmable logic controllers “Satellite-A” lies in the insecure transmission of authentication data. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...
Mitsubishi Electric Multiple Products Security Vulnerability
The Mitsubishi Electric MELSEC iQ-R series and the Mitsubishi Electric MELSEC iQ-F series are both programmable logic controllers from Mitsubishi Electric Japan. A security vulnerability exists in several Mitsubishi Electric products, which is caused by a missing mask when entering a password fie...
CVE-2023-33965 Brook's tproxy server is vulnerable to a drive-by command injection.
Brook is a cross-platform programmable network tool. The tproxy server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local tproxy service leading to remote code execution. A patch is available in...
The vulnerability of the microprogramming software used in Schneider Electric Modicon programmable logic controllers lies in the insufficient checking of unusual or exceptional states. This allows an intruder to trigger a service failure.
The vulnerability of the microprogrammed software in Schneider Electric Modicon programmable logic controllers is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to trigger malfunctions during maintenance operations...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from deficiencies in the separation of the controlled system area. This allows an intruder to carry out unauthorized maintenance actions.
The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers is related to deficiencies in the separation of the controlled system area. Exploiting this vulnerability could allow a malicious actor to perform a service failure remotely...
Rage quit modifications should be limited to provide stronger guarantees to party members
Lines of code Vulnerability details Rage quit modifications should be limited to provide stronger guarantees to party members Party hosts can arbitrarily change the rage quit settings overriding any existing preset. Impact Rage quit is implemented in the PartyGovernanceNFT contract by using a...
The vulnerability of microprogrammed software in Mitsubishi Electric Corporation’s MELSEC iQ-F Series programmable logic controllers arises from buffer overflow on the stack, allowing an intruder to trigger a malfunction or execute arbitrary code.
The vulnerability of microprogrammed software in Mitsubishi Electric Corporation’s MELSEC iQ-F series programmable logic controllers arises due to buffer overflow on the stack. Exploiting this vulnerability allows a remote attacker to cause malfunctions in the system or execute arbitrary code by...
The vulnerability of the Codesys software suite for industrial automation integrated into Schneider Electric’s programmable logic controllers allows a perpetrator to compromise data integrity.
The vulnerability of the Codesys software suite for industrial automation integrated into Schneider Electric’s programmable logic controllers is related to the disclosure of information in the incorrect data field. Exploiting this vulnerability could allow a malicious actor to compromise the...
The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controllers Modicon M340, Modicon Quantum, and Modicon Premium allows an intruder to gain access to confidential data.
The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium is related to the falsification of inter-site requests. Exploiting this vulnerability can allow a remote attacker to gain access to...
The vulnerability of the microprogramming software of Modicon PAC controllers and PLCs included in EcoStruxure Control Expert and EcoStruxure Process Expert allows an intruder to trigger maintenance failures.
The vulnerability of the microprogramming software of Modicon PAC controllers and PLCs included in EcoStruxure Control Expert and EcoStruxure Process Expert lies in the storage of data beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to trigger service...
Omron NJ/NX-series Machine Automation Controllers Use of Hard-Coded Credentials (CVE-2022-34151)
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...