CVE-2021-37400

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVE-2021-37401

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVE-2021-20826

Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...

IDEC PLC安全漏洞

The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that could allow an attacker to obtain PLC web server user credentials from the communication between the PLC and the software. The following products and versions are affected: FC6A Series MICROSmart...

CVE-2021-43083

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

CVE-2021-20608

Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sendin...

The vulnerability of the module of central processors in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L allows a intruder to trigger a service failure.

The vulnerability of the microcontroller modules in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L is related to errors in processing input data length parameters. Exploiting this vulnerability can allow an attacker, operating remotely, to cause malfunctions...

The vulnerability of programmable logic controllers MELSEC iQ-R, MELSEC Q, and MELSEC L, related to uncontrolled resource consumption, allows a intruder to cause malfunctions during maintenance operations.

The vulnerability of the programmable logic controllers MELSEC iQ-R, MELSEC Q, and MELSEC L is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause malfunctions in the service provided by the controller, using...

The software for programming Wecon PLC Editor on the Microsoft Windows operating system is vulnerable, allowing a hacker to execute arbitrary code.

The vulnerability of the Wecon PLC Editor software for programming PLCs on the Microsoft Windows operating system lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Mitsubishi Electric GX Works2 安全漏洞

The Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric Japan. The Mitsubishi Electric GX Works2 contains a security vulnerability that can be exploited by an attacker to tamper with program files in the Mitsubishi Electric PLC by sending maliciously crafted packet...

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and management system, as well as the Cisco Evolved Programmable Network Manager (EPNM), allows a perpetrator to execute arbitrary code and gain access to protected information.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software relates to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute...

The vulnerability of the CLI component of the Cisco Prime Infrastructure monitoring and network management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the CLI component of the Cisco Prime Infrastructure monitoring and network management system, as well as the Cisco Evolved Programmable Network EPN Manager software, is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attack...

The software for programming Wecon PLC Editor on the Microsoft Windows operating system is vulnerable, allowing a hacker to execute arbitrary code.

The vulnerability of the Wecon PLC Editor software for programming PLCs on the Microsoft Windows operating system is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the microprogrammed logic controller ioLogik’s software, related to deficiencies in the authentication process, allows attackers to escalate their privileges within the system.

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow unauthorized individuals to enhance their privileges within the system through specially crafted requests...

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik, related to deficiencies in access control, allows a intruder to gain access to the device.

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in access control. Exploiting this vulnerability can allow an intruder to gain access to the device...

The vulnerability of the check_password function in the web server of the programmable logic controller ioLogik, related to buffer overflow in the stack, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the checkpassword function in the web server of the programmable logic controller ioLogik is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause service interruptions or execute arbitrary code using a specially crafted reque...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an...

CVE-2021-34784 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an...

CVE-2021-34784 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an...

FATEK Automation WinProladder 缓冲区错误漏洞

FATEK Automation WinProladder is a PLC from FATEK Automation in China.An out-of-bounds read vulnerability exists in FATEK Automation WinProladder, which can be exploited by attackers to read unauthorized information...