The vulnerability of the microprogrammed logic controller Schneider Electric Modicon M340, related to insufficient validation of input data, allows a intruder to trigger a service failure.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker to cause a service failure by sending a specially crafted TCP packet to...

Siemens LOGO! 8 BM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730, DriveLogix 1794-L34, Compact GuardLogix 5370, Compact GuardLogix 5380, GuardLogix 5570, GuardLogix 5580, and SoftLogix 5800 stem from insufficient protection of registration data. This allows attackers to elevate their privileges and alter the configuration of vulnerable devices.

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730,...

The vulnerability of the programmable logic controller MELSEC iQ-R, related to uncontrolled resource consumption, allows a intruder to trigger a service failure.

The vulnerability of the programmable logic controller MELSEC iQ-R is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause malfunctions in the service process using a specially crafted package...

PLC Resource Management Error Vulnerability

The Qualcomm PLC is a programmable logic controller from Qualcomm Incorporated. A security vulnerability exists in the PLC that can be exploited by an attacker to cause the PLC's web visualization component to stop and become unresponsive, resulting in a loss of remote visibility of the PLC's sta...

Rockwell Automation MicroLogix 1400 Buffer Overflow Vulnerability

Micrologix 1400 is a programmable logic controller from Rockwell Automation. A buffer overflow vulnerability exists in Rockwell Automation MicroLogix 1400 version 21.6 and earlier. An attacker can exploit this vulnerability by sending specially crafted Modbus packets to retrieve or modify random...

Denial of Service Vulnerability in Omron CP1L-EM40DR-D

The Omron CP1L-EM40DR-D is a programmable logic controller from Omron Japan. A denial of service vulnerability exists in the Omron CP1L-EM40DR-D, which can be exploited by an attacker to cause a denial of service on the device...

Delta DVP20ES200TE has a Denial of Service Vulnerability

The Delta DVP20ES200TE is a programmable logic controller from Delta Taiwan. The Delta DVP20ES200TE suffers from a denial of service vulnerability that can be exploited by attackers to cause a denial of service attack...

Fuji Electric Tellus Lite V-Simulator 和 Fuji Electric V-Server Lite 缓冲区错误漏洞

Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric Japan.Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments...

SIEMENS RWG1.M12D S55370-C170 has a denial of service vulnerability

SIEMENS RWG1.M12D S55370-C170 programmable general-purpose controllers synthesize Siemens' many years of experience in the building, HVAC, and other industries, based on universal hardware design, programmable software platforms, and powerful communication processing capabilities. SIEMENS RWG1.M1...

Schneider TM218LDAE24DRHN IPv4 protocol stack suffers from a denial of service vulnerability

The TM218LDAE24DRHN is a programmable logic controller PLC product under the Modicon banner of Schneider Electric, a French company. A denial of service vulnerability exists in the Schneider TM218LDAE24DRHN IPv4 protocol stack, which can be exploited by an attacker to cause the device to go down...

Denial of Service Vulnerability in ARP Protocol in MITSUBISHI Electric FX5U-32MT/ES

The Mitsubishi Electric FX5U-32MT/ES is a programmable logic controller PLC product of the MELSEC FX series. A denial of service vulnerability exists in the ARP protocol of the MITSUBISHI Electric FX5U-32MT/ES, which can be exploited by attackers to cause the device to fail to function properly...

Scalance X Products Hard-Coded Encryption Key Vulnerability

SCALANCE X is a switch for connecting industrial components such as programmable logic controllers plc or human machine interfaces HMIs. The Scalance X Products hard-coded encryption key vulnerability can be exploited by an attacker to handle man-in-the-middle scenarios and decrypt previously...

The vulnerability of the CmtViewer application, which manages programmable panels, stems from the lack of limits on authentication attempts. This allows a perpetrator to gain full access to the device.

The vulnerability of the CmtViewer application for controlling programmable panels is related to the lack of restrictions on the number of authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the device...

The vulnerability of the CmtViewer application, which manages programmable panels, stems from the storage of protected information in an unencrypted form. This allows a perpetrator to gain access to the protected information.

The vulnerability of the CmtViewer application for controlling programmable panels lies in the storage of protected information in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to gain access to the protected information remotely...

The vulnerability of the CmtViewer application, which involves session management errors, allows a hacker to gain unauthorized access.

The vulnerability of the CmtViewer application for controlling programmable panels is related to session management errors. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access by intercepting the session...

E9Patch - A Powerful Static Binary Rewriting Tool

E9Patch is a powerful static binary rewriting tool for x8664 Linux ELF binaries. E9Patch is: Scalable : E9Patch can reliably rewrite large/complex binaries including web browsers 100MB in size. Compatible : The rewritten binary is a drop-in replacement of the original, with no additional...

Phoenix Contact PLCnext Control Devices Security Breach

Phoenix Contact PLCnext Control Devices is a programmable logic controller for industrial environments from Phoenix Contact, Germany. A security vulnerability exists in Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, which can be exploited by an attacker to open a reverse shel...

Misubishi Electric MELSEC iQ-F series Security Vulnerability

The Misubishi Electric MELSEC iQ-F series is a programmable logic controller from Misubishi Electric Japan. A security vulnerability exists in the MELSEC iQ-F series, which can be exploited by an attacker to cause a denial of service, due to improper checking or handling of an exception by the...

CVE-2020-6111

An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000...