20 Years of Edge Computing

How long will you wait for something? That depends on what you're waiting for, of course. But in your daily interactions, think about how many "things" you interact with where you expect the response to be instantaneous - tapping on mobile apps, logging in and transacting with a retailer or a ban...

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

The U.S. National Security Agency NSA and the Cybersecurity and Infrastructure Security Agency CISA have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric...

Binary Vulnerability in Siemens PLC at Siemens (China) Co.

Siemens is a global technology company that provides solutions for customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drives and software with innovations in electrification, automation and digitalization. A binary vulnerability...

CVE-2020-10628

ControlEdge PLC R130.2, R140, R150, and R151 and RTU R101, R110, R140, R150, and R151 exposes unencrypted passwords on the network...

CVE-2020-10624

ControlEdge PLC R130.2, R140, R150, and R151 and RTU R101, R110, R140, R150, and R151 exposes a session token on the network...

Honeywell ControlEdge PLC and ControlEdge RTU Information Disclosure Vulnerability

Honeywell ControlEdge PLC and ControlEdge RTU are both products of Honeywell, Inc. The ControlEdge PLC is a programmable logic controller PLC.The ControlEdge RTU is a remote terminal unit RTU. An information disclosure vulnerability exists in the Honeywell ControlEdge PLC and RTU, which can be...

Honeywell ControlEdge PLC and ControlEdge RTU Information Disclosure Vulnerability (CNVD-2020-37479)

Honeywell ControlEdge PLC and ControlEdge RTU are both products of Honeywell, Inc. The ControlEdge PLC is a programmable logic controller PLC.The ControlEdge RTU is a remote terminal unit RTU. An information disclosure vulnerability exists in the Honeywell ControlEdge PLC and RTU that can be...

Introduction to PLCs and Ladder Logic

Introduction We do a lot of client work with ICS, IIoT, and SCADA. We've been to various power plants, factories, electricity substations and they all use the same technology in the form of a PLC. A PLC is a Programmable Logic Controller. PLCs are what keep our Critical National Infrastructure...

Denial of Service Vulnerability in Proficy Machine Edition

Proficy Machine Edition is a PLC programming software developed by Emerson Trading Shanghai Co. A denial of service vulnerability exists in Proficy Machine Edition, which can be exploited by an attacker to cause a denial of service...

Multiple Mitsubishi Electric Products Resource Management Error Vulnerability

The Misubishi Electric MELSEC iQ-R series is a programmable logic controller from Misubishi Electric. A resource management error vulnerability exists in several Mitsubishi Electric products. An attacker could cause a denial of service by sending a large amount of data to the MELSOFT transport po...

Memory Corruption Vulnerability in Speed Control PLC Development Software

Speed Control Cloud Shanghai Intelligent Technology Co., Ltd, in cooperation with Shanghai Jiao Tong University, is a high-tech company specializing in the research and development of cloud box, HMI, PLC and other industrial Internet of Things automation products. A memory corruption vulnerabilit...

CVE-2020-6081

An exploitable code execution vulnerability exists in the PLCTask functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

3S-Smart Software Solutions CODESYS Runtime Remote Code Execution Vulnerability

3S-Smart Software Solutions CODESYS Runtime is a controller real-time runtime system based on IEC61131-3 standard programming from 3S-Smart Software Solutions, Germany. The system transforms any embedded or PC-based device into an IEC61131-3 compliant industrial controller. A security vulnerabili...

Denial of Service Vulnerability in GX Works2 (CNVD-2020-32342)

GX Works2 is a PLC programming software. A denial of service vulnerability exists in GX Works2. An attacker could cause a denial of service by sending constructed malicious packets that cause it to experience an illegal memory access resulting in a denial of service, or could potentially execute...

Denial of Service Vulnerability in GX Works2 (CNVD-2020-28228)

GX Works2 is a PLC programming software. GX Works2 suffers from a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, is related to deficiencies in access control. This vulnerability allows a intruder to bypass the authentication process between EcoStruxure Control Expert and the PLC.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process between the EcoStruxure Control Expert and the...

Command Execution Vulnerability in WideField3

WideField3 is a PLC programming software developed by Yokogawa Electric Group. A command execution vulnerability exists in WideField3, which can be exploited by an attacker to execute malicious code...

Unspecified Vulnerability in Multiple Schneider Electric Products (CNVD-2021-25704)

Schneider Electric Modicon M218 Logic Controller, etc. are a programmable logic controller from Schneider Electric France. A security vulnerability exists in a number of Schneider Electric products, which arises from a program that transmits sensitive information in clear text and can be exploite...

Multiple Schneider Electric Products Data Forgery Issue Vulnerabilities

Schneider Electric Modicon M218 Logic Controller, etc. are a programmable logic controller from Schneider Electric France. A data forgery vulnerability exists in multiple Schneider Electric products, which can be exploited by attackers to execute malicious code...

The vulnerability of the programmable user-programmable gate array (PPVM) for Xilinx Spartan, Artix, Kintex, and Virtex programmable integrated circuits lies in the possibility of intercepting/mocking the file containing the encrypted control bitstream, allowing a hacker to gain full control over the programmable integrated circuits.

The vulnerability of the programmable user-programmable gate array PPVM for Xilinx Spartan, Artix, Kintex, and Virtex programmable logic integrated circuits lies in the ability to intercept or replace the file containing the encrypted control bitstream. Exploiting this vulnerability can allow an...