The vulnerability of the development environment for CX-Programmers and microprogramming software of PLC Omron CJ2M and Omron CJ2H, related to the transmission of passwords in an open manner, allows attackers to intercept the passwords.

The vulnerability of the development environment CX-Programmer, which is part of the CX-One software suite designed for programming and configuring Omron PLCs, as well as Omron microcontrollers like CJ2M and CJ2H, stems from the transmission of passwords in an open manner. Exploiting this...

F5 Networks BIG-IP : NTP vulnerability (K07082049)

Buffer overflow in the legacy Datum Programmable Time Server DPTS refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVE-2017-6462 C Tenable Network Security, Inc. The descriptive text and package checks in...

The vulnerability of the programmable logic controller S7-SoftPLC, related to the output of operations beyond the buffer in memory, allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the programmable logic controller S7-SoftPLC arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

Eaton ELCSoft Out-of-Bounds Access Remote Code Execution Vulnerability

The Eaton ELCSoft programmable logic control software runs on a PC and can help configure the ELC controller. An out-of-bounds access remote code execution vulnerability exists in Eaton ELCSoft, where memory access exceeds the end of the allocation buffer due to the program process failing to...

Eaton ELCSoft DEV File Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

The Eaton ELCSoft programmable logic control software runs on a PC and can help configure the ELC controller. An out-of-bounds write remote code execution vulnerability exists in Eaton ELCSoft, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

Siemens 300/400 Series PLC Remote Control Vulnerability

Programmable controller PLC is developed on the basis of relay control and computer control, and gradually developed into a new type of industrial automatic control device based on microprocessor and integrating modern technologies such as computer technology, automatic control technology and...

Unauthorized Access Vulnerability in Digital Programmable Subscriber Switch of NSN9000i Series IPPBX System of Shenzhen Guowei Saina Technology Co.

NSN9000i series IPPBX system is a new-generation hybrid IPPBX system developed by Xena Technology based on the latest IP technology and domestic market. The system combines the digital program-controlled subscriber switch platform developed by SANA Technology and the popular Asterisk application...

CVE-2017-6698

A vulnerability in the Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More...

CVE-2017-6699

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an...

CVE-2017-6700

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM based environment or client-side cross-site scripting XSS attack against a us...

CVE-2017-6700

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM based environment or client-side cross-site scripting XSS attack against a us...

Input validation

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

Default credentials

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version...

CVE-2017-7898

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

CVE-2017-7898

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;...

CVE-2017-7899

CVE-2017-7899 affects Rockwell Automation Allen-Bradley MicroLogix 1100 (1763-L16Axx, DWD) and MicroLogix 1400 (1766-L32Axx, BWAA, etc.) PLCs. The root issue is Information Exposure: user credentials are sent to the web server via HTTP GET requests, enabling potential unauthorized retrieval. Conn...

CVE-2017-7902

CVE-2017-7902 affects Rockwell Automation Allen‑Bradley MicroLogix 1100 (1763-L16Axx, 16.00 and earlier) and MicroLogix 1400 (1766-L32Axx, 16.00 and earlier). The issue is nonce reuse in encryption, enabling an attacker to capture and replay a valid request until the nonce changes, potentially co...

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager SQL Injection Vulnerabilities

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM are both products of the U.S. Cisco Cisco.PI is a set of solutions for wireless management through Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies; EPNM is a network...

Cisco PI/EPNM Cross-Site Scripting Vulnerability

Cisco Prime Infrastructure is a solution for wireless management through Cisco Technologies LMS and NCS. Cisco Prime Infrastructure PI, Evolved Programmable Network Manager EPNM has a security vulnerability in the web management interface, where an unauthenticated remote attacker executes a...

Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerabilities

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM are both products of the U.S. Cisco Cisco.PI is a set of solutions for wireless management through Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies; EPNM is a network...