CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

BDU FSTEC•added 2022/06/10 12:0 a.m.•3 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software arises from the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary shell commands.

The vulnerability of HID Mercury programmable logic controllers exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary shell commands by sending a special...

9CVSS8.2AI score0.01217EPSS

BDU FSTEC•added 2022/06/08 12:0 a.m.•4 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software relates to a flaw in the data protection mechanism, allowing an attacker to execute arbitrary shell commands.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to a breach in data protection mechanisms. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary shell commands by replacing the hostname with a specially...

10CVSS8.3AI score0.02269EPSS

BDU FSTEC•added 2022/06/08 12:0 a.m.•4 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the fact that copying buffers occurs without checking the size of the input data. This allows an attacker to execute arbitrary code.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created update file...

10CVSS8.4AI score0.01434EPSS

BDU FSTEC•added 2022/06/08 12:0 a.m.•4 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...

9.1CVSS7.8AI score0.01589EPSS

BDU FSTEC•added 2022/05/11 12:0 a.m.•4 views

The vulnerability of the HCI component, which operates on the Modbus TCP protocol, and is found in Hitachi Energy RTU500 CMU series programmable logic controllers, allows a attacker to trigger a system reboot.

The vulnerability of the HCI component, which operates on the Modbus TCP protocol and is part of the Hitachi Energy RTU500 CMU series programmable logic controllers, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to trigger a device reboot...

7.8CVSS7.1AI score0.00904EPSS

Exploits0References4Affected Software1

BDU FSTEC•added 2022/04/27 12:0 a.m.•4 views

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, and Compact GuardLogix 5380 lies in improper code generation. This allows attackers to implant code into the controller that the user will be unable to detect.

The vulnerability of microprogrammed software in programmable logic controllers such as ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, CompactLogix 5480, and Compact GuardLogix 5380 lies in improper code generation. Exploiting this vulnerability allows an intruder to implant code into the...

7.7CVSS7.5AI score0.03398EPSS

BDU FSTEC•added 2022/04/13 12:0 a.m.•2 views

The vulnerability of the microprogrammed software for WAGO 750-8212 programmable logic controllers (PFC200), related to the manipulation of inter-site requests, allows intruders to carry out inter-site attack attacks.

The vulnerability of the microprogrammed software of WAGO 750-8212 programmable logic controllers PFC200 is related to the manipulation of intersite requests. Exploiting this vulnerability allows a remote attacker to perform intersite attack attacks...

5.3CVSS5.5AI score

Exploits0References5

CNVD•added 2022/04/13 12:0 a.m.•13 views

Siemens SCALANCE X-300 Switch Family Devices缓冲区溢出漏洞

SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A buffer overflow vulnerability exists in Siemens SCALANCE X-300 Switch Family...

8.8CVSS3.5AI score0.01552EPSS

CNVD•added 2022/04/13 12:0 a.m.•16 views

Siemens SCALANCE X-300 Switch Family Devices跨站请求伪造漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A cross-site request forgery vulnerability exists in Siemens SCALANCE X-300 Switch...

8.8CVSS3.2AI score0.00498EPSS

CNNVD•added 2022/04/12 12:0 a.m.•5 views

多款 Siemens 产品输入验证错误漏洞

SCALANCE X switches are used to connect to industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.Siemens SCALANCE X-300 Switch Family Devices are vulnerable to an input validati...

7.8CVSS7.3AI score0.01294EPSS

CNNVD•added 2022/04/12 12:0 a.m.•3 views

Siemens SCALANCE安全漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. A buffer overflow vulnerability exists in Siemens SCALANCE X-300 Switch Family...

7.8CVSS7.6AI score0.01294EPSS

CNNVD•added 2022/04/12 12:0 a.m.•2 views

多款 Siemens 产品跨站请求伪造漏洞

8.8CVSS7.7AI score0.00498EPSS

CNNVD•added 2022/04/12 12:0 a.m.•3 views

Siemens SCALANCE 安全漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. An access control error vulnerability exists in Siemens SCALANCE X-300 Switch Fami...

7.5CVSS7.3AI score0.0124EPSS

CNNVD•added 2022/04/12 12:0 a.m.•5 views

多款 Siemens 产品缓冲区错误漏洞

8.8CVSS8.7AI score0.01552EPSS

CNNVD•added 2022/04/07 12:0 a.m.•2 views

ASUS RT-AX56U 路径遍历漏洞

The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. A path traversal vulnerability exists in the ASUS RT-AX56U updatePLC/PORT file, which can be exploited by an attacker to overwrite system files by uploading another PLC/PORT file with the same filename, resulting in a service...

8.1CVSS5.6AI score0.00472EPSS

Exploits0References2

OSV•added 2022/04/04 8:15 p.m.•2 views

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

7.5CVSS7.1AI score0.00971EPSS

OSV•added 2022/04/04 8:15 p.m.•5 views

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

9.8CVSS5.8AI score0.0107EPSS