CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2022-25230

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325...

Horner Automation Cscape EnvisionRV Input Validation Error Vulnerability

Horner Automation Cscape EnvisionRV is a programming software for industrial control system development from Horner Automation, U.S. An input validation error vulnerability exists in Horner Automation Cscape EnvisionRV, which could be exploited by an attacker to execute arbitrary code in the...

WECON LeviStudioU

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: WECON Equipment: LeviStudioU Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution. 3. TECHNICAL...

DOPSoft Stack Buffer Overflow Vulnerability

DOPSoft is a Human Machine Interface HMI programming software from Delta Electronics. A stack buffer overflow vulnerability exists in DOPSoft 4.00.11 and earlier versions. The vulnerability can be exploited by an attacker to execute arbitrary code via a specially crafted project file...

Schneider Electric homeLYnk and spaceLYnk Unauthorized Access Vulnerability

Schneider Electric homeLYnk and spaceLYnk are both automation programming software for different logic controllers from Schneider Electric, France. An unauthorized access vulnerability exists in Schneider Electric homeLYnk and spaceLYnk, which arises from the presence of a broken or dangerous...

Binary Vulnerability in Kinco Builder

Kinco Builder is a PLC programming software for KS101M-04DX K209M-56DT HP070-33DT devices. A binary vulnerability exists in Kinco Builder, which can be exploited by attackers to cause a denial of service...

Denial of Service Vulnerability in Schneider Control Expert

Control Expert is a suite of programming software for Schneider Electric logic controller products. A denial of service vulnerability exists in Schneider Control Expert. An attacker could exploit this vulnerability to cause a denial of service...

Denial of Service Vulnerability in GX Works2 (CNVD-2021-16895)

GX Works2 is a PLC programming software. A memory out-of-bounds access vulnerability exists in GX Works2. An attacker could exploit this vulnerability to cause the program to crash...

Code Injection Vulnerability in GX Works2

GX Works2 is a PLC programming software. A code injection vulnerability exists in GX Works2. An attacker can exploit this vulnerability to gain server privileges...

Programming Cat Small Office Customized Classes has a dll hijacking vulnerability

Programming Cat Small Office Customized Class is a programming learning software. Programming Cat Small Office Customized Class has a dll hijacking vulnerability. An attacker can exploit the vulnerability to load a malicious dll and execute malicious code...

Red Lion Controls Crimson 安全漏洞

Crimson is a programming software from Red Lion. Crimson suffers from a resource improperly closed or freed vulnerability. An attacker can exploit this vulnerability by sending a specially crafted message to leak arbitrary memory locations...

Siemens LOGO! 8 BM 加密问题漏洞

Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in Siemens LOGO! 8 BM, which can be exploited by an attacker to gain unauthorized full access to all services...

Denial of Service Vulnerability in Mitsubishi Electric Corporation GX Works2 (CNVD-2020-49073)

GX Work2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. for PLC design, debugging, maintenance and other work, which is widely used in electric power, machinery manufacturing, iron and steel, petroleum, chemical and other industrial control fields. A denial of...

Denial of Service Vulnerability in Mitsubishi Electric Corporation GX Works2 (CNVD-2020-49072 )

GX Work2 is a PLC programming software developed by Mitsubishi Electric Automation Co., Ltd. for PLC design, debugging, maintenance and other work, which is widely used in electric power, machinery manufacturing, iron and steel, petroleum, chemical and other industrial control fields. A denial of...

Denial of Service Vulnerability in Proficy Machine Edition (CNVD-2020-32607)

Proficy Machine Edition is a PLC programming software developed by Emerson Trading Shanghai Co., Ltd. for designing, debugging, programming, and maintaining GE RX 3i and GE RX7i series PLCs, which is widely used in industrial control fields such as electric power, machinery manufacturing, steel,...

Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...

XG5000 suffers from dll hijacking vulnerability

XG5000 is a software for programming and debugging XGT/XGB series PLCs. XG5000 suffers from a dll hijacking vulnerability that can be exploited by attackers to execute malicious code...

Horner Automation/APG Cscape Programming Software Detection (Windows SMB Login)

SMB login-based detection of Horner Automation formerly Horner APG Cscape Programming software. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

WECON LeviStudioU Stack Heap Buffer Overflow Vulnerability

WECON LeviStudio is a set of HMI programming software from WECON China. WECON LeviStudioU suffers from a stack heap buffer overflow vulnerability that could allow an attacker to execute remote code...