Denial of Service Vulnerability in Hologic LE5109L PLC (CNVD-2018-18906)

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A denial of service vulnerability exists in the HELISE LE5109L PLC, which can be exploited by an attacker to cause the PLC to be remotely controlled by constructing specific private protoco...

Remote Controller Removal Vulnerability in HOLLYWOOD LE5109L PLCs

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A remote controller removal vulnerability exists in the Hologic LE5109L PLC, where an attacker can construct specific modbus packets to remotely remove all program and configuration...

Arbitrary Program Removal Vulnerability in HOLLYWOOD LE5109L PLCs

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An arbitrary program removal vulnerability exists in the HELISE LE5109L PLC, which can be exploited by an attacker to cause malicious removal of programs from the PLC controller via...

Remote Control Vulnerability in Haiwell C10S0R(-e) PLCs

C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from a remote control vulnerability, which can be exploited by an attacker to control PLC startup and stopping via unauthorized construction of specific netwo...

Information Disclosure Vulnerability in Haiwell C10S0R(-e) PLCs

C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain PLC configuration information via unauthorized construction of...

Haiwell C10S0R(-e) PLC Arbitrarily Change Configuration Information Vulnerability

C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC is vulnerable to arbitrary change of configuration information, which can be exploited by an attacker to change the configuration information of the PLC through...

Memory Arbitrary Tampering Vulnerability in Haiwell C10S0R(-e) PLCs

C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from an arbitrary memory tampering vulnerability, which can be exploited by an attacker to control the output of the PLC via unauthorized construction of...

Password Leakage Vulnerability in DCCE MAC1100 PLCs

MAC1100 PLC is a programmable logic controller manufactured by Dalian Polytechnic Computer Control Engineering Co. A password leakage vulnerability exists in the DCCE MAC1100 PLC, which can be exploited by an attacker to obtain the PLC user name and password while the computer is connected to the...

Denial of Service Vulnerability in DCCE MAC1100 PLCs

MAC1100 PLC is a programmable logic controller manufactured by Dalian Polytechnic Computer Control Engineering Co. A denial of service vulnerability exists in the DCCE MAC1100 PLC, which can be exploited by an attacker to cause the PLC to shut down and the CPU to deny service via unauthorized...

Podcast: The Industrial World is Facing a Security Crisis

As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology OT and IoT have now become part of the mainstream cybersecurity...

Remote Code Upload Vulnerability in DCCE MAC1100 PLCs

The MAC1100 PLC Programmable Logic Controller PLC is a product in the Dalian Computer Control DCCE Programmable Logic Controller PLC series. A remote code upload vulnerability exists in the DCCE MAC1100 PLC. An attacker can exploit this vulnerability to construct malicious control code, remotely...

Buffer overflow vulnerability in multiple Schneider Electric products (CNVD-2018-11262)

Schneider Electric Modicon M340, etc. are programmable logic controller products of Schneider Electric France. A buffer overflow vulnerability exists in the web service used to process SOAP requests in several Schneider Electric products. An attacker could exploit this vulnerability to cause a...

PLCWinNT software suffers from a memory leak vulnerability

CoDeSys is a complete development environment for programmable logic control PLCs, in which simulation functions can be implemented by configuring the PLCWinNT software. A memory leak vulnerability exists in the PLCWinNT software that corresponds to the V2 version of CoDeSys. An attacker can...

Information Disclosure Vulnerability in Hologic LE5109L PLCs

HELISE Group is a professional automation company integrating R&D, production, sales and technical service. With integrated Ethernet, PROFIBUS-DP, RS232 and RS485 interfaces, HELISE's PLCs have been widely used in electric power, chemical industry, metallurgy, energy and other fields. An...

Denial of Service Vulnerability in Hologic LE5109L PLC (CNVD-2018-08756)

HELISE Group is a professional automation company integrating R&D, production, sales and technical service. With integrated Ethernet, PROFIBUS-DP, RS232 and RS485 interfaces, HELISE's PLCs have been widely used in electric power, chemical industry, metallurgy, energy and other fields. A denial of...

Denial of Service Vulnerability in Tengen Controls T920 PLCs

T-920 Programmable Logic Controller PLC is a product in the T9 series Programmable Logic Controller PLC series of China TengControl Technology TENGCONTROL TECHNOLOGY. The product is widely used in tobacco, petrochemical, water and other important industrial control site. A denial of service...

Denial of Service Vulnerability in Tengen Controls T920 PLC (CNVD-2018-08788)

T-920 Programmable Logic Controller PLC is a product in the T9 series Programmable Logic Controller PLC series of China TengControl Technology TENGCONTROL TECHNOLOGY. The product is widely used in tobacco, petrochemical, water and other important industrial control site. A denial of service...

Allen Bradley Micrologix 1400 Series B FRN Access Control Vulnerability (CNVD-2018-08278)

Allen Bradley Micrologix 1400 Series B FRN is a programmable logic controller from Rockwell Automation. An access control vulnerability exists in the data, program, and function file permissions functions in the Allen Bradley Micrologix 1400 Series B FRN 21.2 and earlier. An attacker could exploi...

CVE-2018-8836

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port...

Denial of Service Vulnerability in Multiple Siemens Products (CNVD-2018-06025)

The SIMATIC CP 343-1 Advanced is an Ethernet communication module that supports PROFINET, the new generation of automation bus standards based on industrial Ethernet technology. 1500 is a programmable logic controller. A denial of service vulnerability exists in several Siemens products. An...