LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

Emerson Proficy Machine Edition 路径遍历漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A security vulnerability exists in Emerson Proficy Machine Edition versions 9.80 and earlier, which stems from an easy ZipSlip attack via the uploader program, which allows an attacker to plant a maliciou...

Emerson Proficy Machine Edition 代码问题漏洞

Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from the execution of operations beyond the buffer boundaries in memory. This vulnerability allows a malicious actor to cause system failures.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

hw: cpu: Intel: Stale Data Read from legacy xAPIC vulnerability

A flaw was found in hw. The APIC can operate in xAPIC mode also known as a legacy mode, in which APIC configuration registers are exposed through a memory-mapped I/O MMIO page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. When reading the...

Emerson ControlWave 数据伪造问题漏洞

Emerson ControlWave is a highly programmable controller from Emerson Electric U.S. that combines the unique capabilities of a Programmable Logic Controller PLC and a Remote Terminal Unit RTU into a hybrid controller. A data forgery vulnerability exists in all versions of Emerson ControlWave, whic...

PT-2022-4127

Name of the Vulnerable Software and Affected Versions IntelR Processors versions 10 through 12 IntelR Processors affected versions not specified Description The issue is related to improper isolation of shared resources in some IntelR Processors, which may allow a privileged user to potentially...

The vulnerability of the RESTful Services Programmable Interface (ERS) implementation of the Cisco Identity Services Engine platform allows a perpetrator to disclose protected information.

The vulnerability of the RESTful Services Programmable Interface ERS implementation of the Cisco Identity Services Engine platform is related to deficiencies in password masking during user login. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

CVE-2022-30319

Saia Burgess Controls SBC PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls SBC PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The potential impact is:...

The vulnerability of the SNMP protocol implementation in the microprogramming software for Schneider Electric Modicon M340 programmable logic controllers allows a intruder to trigger a maintenance failure.

The vulnerability of the SNMP protocol implementation in microprogrammed software for Schneider Electric Modicon M340 programmable logic controllers is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sendi...

The vulnerability lies in the communication functions between the Omron NJ/NX automation controller, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA. This vulnerability allows a perpetrator to gain access to the controller.

The vulnerability of the communication functions between Omron NJ/NX automation controllers, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA lies in the ability to bypass the authentication process by using capture-replay techniques for intercepted parameters...

CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

CVE-2022-33208

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software...

CVE-2022-33208

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software...

CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

CVE-2022-34151

CVE-2022-34151 affects Omron NJ/NX-series Machine Automation Controllers, Sysmac Studio, and NA-series PTs. Root cause: hard-coded credentials in affected components may let a remote attacker obtain credentials and access the controller. Affected versions: NJ/NX controllers (NJ1/NJ series up to v...

多款Omron产品安全漏洞

Omron Machine automation controller NX7 series and so on are the products of Omron Corporation of Japan.Omron Machine automation controller NX7 series is a series of machine automation controllers.Omron Machine Omron Machine automation controller NX1 series is a series of machine automation...

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to cause a service failure.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to cause service failure by loading arbitrary firmware files remotely...

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to alter the “notes” section on the web interface’s home page.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability could allow a malicious actor to modify the “notes” section on the web interface’s home page using a specially created package...