The vulnerability of the Simatic programmable logic controller’s software lies in the improper release of memory before deleting the last reference, allowing a intruder to trigger a service failure.

The vulnerability of the Simatic programmable logic controller’s software is related to the improper release of memory before deleting the last references. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

Mitsubishi Electric MELSEC iQ-F series 加密问题漏洞

Mitsubishi Electric Automation China Co., Ltd. is a wholly-owned enterprise in China invested by Mitsubishi Electric Corporation. It mainly produces mechanical appliances for power distribution including low-voltage circuit breakers, electromagnetic openers and closers, electrical processing...

The vulnerability of the Simatic programmable logic controller’s software relates to operations involving resources after their expiration time. This allows a intruder to cause a service failure.

The vulnerability of the Simatic programmable logic controller’s software relates to operations involving resources after their expiration date. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted packets...

The vulnerability of the Simatic programmable logic controller’s software relates to operations involving resources after their expiration time. This allows a intruder to cause a service failure.

The vulnerability of the Simatic programmable logic controller’s software relates to operations involving resources after their expiration date. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted packets...

CVE-2022-23971

ASUS RT-AX56U’s updatePLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service...

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance ESA that could result in a denial-of-service DoS condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 CVSS...

CVE-2022-20659

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network EPN Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This...

spaceLYnk 跨站脚本漏洞

The Schneider Electric spaceLYnk is a programmable logic controller from Schneider Electric France. The spaceLYnk suffers from a cross-site scripting vulnerability that originated when an attacker could use the vulnerability to inject and execute arbitrary malicious JavaScript code in the target...

Siemens SIMATIC S7-1500 系列产品输入验证错误漏洞

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

Siemens SIMATIC S7-1500 系列产品输入验证错误漏洞

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Reusing a Nonce, Key Pair in Encryption (CVE-2017-7902)

A Reusing a Nonce, Key Pair in Encryption issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A an...

Rockwell Automation Allen-Bradley Micrologix 1100 Improper Handling of Length Parameter Inconsistency (CVE-2020-6111)

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Improper Restriction of Excessive Authentication Attempts (CVE-2017-7898)

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2017-7899)

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00...

The vulnerability in the web interface of the software system for monitoring and managing Cisco Prime Infrastructure network equipment, as well as the Cisco Evolved Programmable Network Manager software for managing network services, allows a perpetrator to write arbitrary files.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to deficiencies in path name checking for access-limited directories. Exploiting this vulnerability could allow a malicious actor to...

Cisco Prime Infrastructure and Evolved Programmable Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an attacker to conduct a path traversal attack on an affected device or conduct a cross-site scripting XSS attack against a user of the...

Cisco Prime Infrastructure 和 Evolved Programmable Network Manager 跨站脚本漏洞

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure are both products of Cisco Corporation.Cisco Evolved Programmable Network Manager is a network management Cisco Prime Infrastructure is a software application. Cisco Prime Infrastructure is a software application used to...

Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure 安全漏洞

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure are both products of Cisco Corporation.Cisco Evolved Programmable Network Manager is a network management Cisco Prime Infrastructure is a software application. Cisco Evolved Programmable Network Manager is a network...

PT-2022-1438 · Cisco · Cisco Prime Infrastructure +1

Name of the Vulnerable Software and Affected Versions: Cisco Prime Infrastructure versions affected versions not specified Cisco Evolved Programmable Network Manager versions affected versions not specified Description: The issue is related to insufficient input validation of the HTTPS URL by the...

Unspecified vulnerability in IDEC PLC (CNVD-2022-02761)

The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that can be exploited by an attacker to obtain user credentials from a file server, a backup repository, or a ZLD file saved on an SD card...