The vulnerability of the embedded software of the programmable logic controller OVEEN PLK110 allows a intruder to perform overwriting of the system’s memory space.

The vulnerability of the embedded software of the OVEEN PLK110 programmable logic controller is related to the existence of an undocumented capability in the write commands. Exploiting this vulnerability allows a malicious actor to perform overwrites in the system’s memory space writing data to a...

Heap Buffer Overflow Vulnerability in Multiple Delta Electronics Products

Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers PLCs. A heap buffer overflow vulnerability exists in multiple Delta Electronics products. An attacker could exploit this vulnerability to...

SIMATIC S7-300 and S7-400 CPU Denial of Service Vulnerability

SIMATIC S7-300 CPUs and S7-400 CPUs are central processing unit modules for programmable controllers from Siemens. A denial of service vulnerability exists in the SIMATIC S7-300 CPUs and S7-400 CPUs. An attacker could exploit this vulnerability by sending specially crafted packets to cause a deni...

Phoenix Contact ILC Security Bypass Vulnerability

Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. A security bypass vulnerability exists in the Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to access read and write PLC...

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information:...

CVE-2016-6443

CVE-2016-6443 affects Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM) with a SQL database interface vulnerability. The issue is a lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute a subset of arbitrary SQL statements that can...

CVE-2016-5505

Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors...

CVE-2016-5505

CVE-2016-5505 affects Oracle Database Server (RDBMS Programmable Interface) in versions 11.2.0.4 and 12.1.0.2. The vulnerability is local and allows an attacker to affect confidentiality via unknown vectors; the CVSSv3 base score is 5.5 (Medium) with local access, low attack complexity, and no us...

CVE-2016-5505

Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors...

Unspecified Vulnerability in Oracle Database Server RDBMS Programmable Interface Component

Oracle Database Server is the United States Oracle Oracle company's set of relational database management system. RDBMS Programmable Interface is one of the database programming interface components. A local security vulnerability exists in the RDBMS Programmable Interface component of Oracle...

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM are both products of the U.S. Cisco Cisco.PI is a set of solutions for wireless management through Cisco Prime LAN Management Solution LMS and Cisco Prime Network Control System NCS technologies; EPNM is a network...

Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. The vulnerability is...

Schneider Electric Model TSXP572634M PLC Bypasses Certification Vulnerability

Schneider Electric Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. When the configuration software is connected to the PLC, all computers that are successfully connected to the P...

AB 1769 PLC ARP Syntax Denial of Service Vulnerability

The AB 1769 PLC is an all-in-one, industrial-grade, high-performance programmable controller. The AB 1769 PLC suffers from an ARP syntax denial of service vulnerability. An attacker can cause the device protocol stack to crash or even cause the device to go down by modifying the ARP header...

PLC Blaster Worm Targets Industrial Control PLCs

LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...

Multiple vulnerabilities in WAGO IO PLCs (CNVD-2016-05505)

The WAGO IO PLC 758-870 and 750-849 are bus editable logic controller modules from WAGO Germany. A security bypass vulnerability and a power lifting vulnerability exists in the WAGO IO PLC 758-870 and 750-849 versions, which can be exploited by an attacker to execute arbitrary code, bypass securi...

Vulnerability of Cisco IOS software, which allows a malicious actor to trigger a service failure

Vulnerability in Cisco IOS – when using with Kailash FPGA programmable switch matrix, on devices RSP720-3C-10GE and RSP720-3CXL-10GE, allows malicious actors to remotely cause malfunctions in the switching equipment by using specially crafted IP packets...

CVE-2016-1408

Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager EPNM 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488...