Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers

A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...

Intel FPGA Programmable Acceleration Card N3000 Elevation of Privilege Vulnerability

The Intel FPGA Programmable Acceleration Card N3000 is a full-duplex 100 Gbps in-system reprogrammable acceleration card for multi-workload network application acceleration. An elevation of privilege vulnerability exists in the Intel FPGA Programmable Acceleration Card N3000. An attacker can...

CVE-2019-14625

The CVE-2019-14625 issue affects the Intel FPGA Programmable Acceleration Card N3000 (all versions) and is described as improper access control in on-card storage. The underlying problem allows a privileged local attacker to potentially cause a denial of service. The Intel advisory confirms this ...

CVE-2019-14626

The CVE-2019-14626 issue affects the Intel FPGA Programmable Acceleration Card N3000 (PCIe function). The root cause is improper access control in the PCIe function, which may allow a privileged local user to escalate privileges. Affected versions are all versions of the N3000. Reports/entries de...

WAGO PFC200 Input Validation Error Vulnerability

The WAGO PFC 200 is a programmable logic controller PLC from the German company WAGO. An input validation error vulnerability exists in the cloud connectivity feature in WAGO PFC 200 using firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker could exploit this vulnerability to ga...

WAGO PFC100 Resource Management Error Vulnerability

The WAGO PFC100 is a programmable logic controller PLC from WAGO Germany. A source management error vulnerability exists in the WAGO PFC100 funding, which can be exploited by an attacker to cause a denial of service...

WAGO PFC 200 Operating System Command Injection Vulnerability

The WAGO PFC 200 is a programmable logic controller PLC from the German company WAGO. An operating system command injection vulnerability exists in the cloud connectivity feature of the WAGO PFC 200 using firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. The vulnerability stems from a...

The vulnerability in the vManage web interface of Cisco SD-WAN’s programmatically defined network allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability in the vManage web interface of Cisco’s programmable network architecture involves a lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...

Multiple Siemens Products Resource Consumption Vulnerability

Siemens SIMATIC S7-300 CPUs etc. are products of Siemens, Germany.SIMATIC S7-300 CPUs is a CPU Central Processing Unit module.Siemens SIMATIC S7-1200 is a PLC Programmable Logic Controller of the S7-1200 series. Siemens SIMATIC S7-400 is a programmable logic controller for manufacturing and proce...

The vulnerability of the user interface of the programmatically defined Cisco SD-WAN network allows a hacker to execute arbitrary commands with user privileges from the vmanage system within the vulnerable system.

The vulnerability of the programmable user interface in Cisco SD-WAN networks is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with privileges as the vmanage user on the vulnerable system...

SIEMENS SCALANCE X witches series authentication bypass vulnerability

SCALANCE X witches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs. An authentication bypass vulnerability exists in the SIEMENS SCALANCE X witches family. An attacker could exploit this vulnerability to obtain sensitive...

Buffer Overflow Vulnerability in WECON PLC Editor

WECON PLC Editor is a programming software for Programmable Logic Controllers PLC from WECON Technologies, China. A buffer overflow vulnerability exists in WECON PLC Editor, which can be exploited by an attacker to cause a denial of service or code execution with the privileges of the application...

Denial of service vulnerability in schneider M580 (CNVD-2020-04562)

Schneider Electric SA is a global electrical company headquartered in France and a global specialist in energy efficiency management and automation. A denial of service vulnerability exists in the schneider M580, which can be exploited by an attacker to cause the loss of the PLC's internal...

Denial of Service Vulnerability in Omron PLC at Omron Automation (China) Co.

The OMRON PLC is a full-featured compact PLC that provides high value-added machine control for industry-leading conveyor decentralized control and more. A denial of service vulnerability exists in the Omron PLC of Omron China Ltd. that can be exploited by attackers to cause a denial of service...

CVE-2019-18236

Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.520190129 processes project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application...

WAGO PFC 200 'I/O-Check' Buffer Overflow Vulnerability

The WAGO PFC 200 and WAGO PFC 100 are both programmable logic controllers PLCs from WAGO Germany. A buffer overflow vulnerability exists in the 'I/O-Check' function in the WAGO PFC 200 and PFC100. The vulnerability originates when a networked system or product performs an operation on memory...

WAGO PFC 200 Buffer Overflow Vulnerability

The WAGO PFC 200 is a programmable logic controller PLC from the German company WAGO. A buffer overflow vulnerability exists in the I/O-Check function in the WAGO PFC 200. The vulnerability originates when a networked system or product performs an operation on memory without properly validating...

WAGO PFC200 Buffer Overflow Vulnerability (CNVD-2019-46395)

The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. A buffer overflow vulnerability exists in the WAGO PFC200. The vulnerability originates when a networked system or product performs an operation on memory without properly validating data boundaries, resulting in incorrect...

CVE-2019-18832

Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Button implements encryption at rest which uses a one-time programmable OTP AES encryption key. This key is shared across all ClickShare Buttons of model R9861500D01...

Denial of Service Vulnerability in NA400 of Nanda Aotuo Technology Jiangsu Co.

The NA400 is a programmable controller. A denial of service vulnerability exists in the NA400 of Nanda Aotuo Technology Jiangsu Co. An attacker can cause a denial of service to the device by continuously sending specific packets...