Design/Logic Flaw
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration...
Hardcoded credentials
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-30276
The CVE-2022-30276 issue affects Motorola MOSCAD IP Gateway and ACE IP Gateway (MDLC lines) through 2022-05-02. The root cause is the IPGW protocol (port 5001/TCP) lacking authentication, enabling an adversary who can reach the port to invoke a range of engineering functions (e.g., RTU configurat...
CVE-2022-30276
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
CVE-2022-30269
Motorola ACE1000 RTUs up to 2022-05-02 are affected by CVE-2022-30269: the ACE1000 allows custom application installation via STS, the C Toolkit, or the Easy Configurator, with images uploaded via Web UI or transferred via SFTP/SSH. The vulnerability stems from missing firmware signing/authentica...
CVE-2022-30275
The CVE-2022-30275 entry concerns Motorola MOSCAD Toolbox software (through 2022-05-02) that stores a password in plaintext in the wmdlcdrv.ini driver configuration file. The same password is used for access control to MOSCAD/STS projects via the Legacy Password feature, and an insecure CRC of th...
CVE-2022-30275
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration...
CVE-2022-29960
Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...
CVE-2022-29960
CVE-2022-29960 affects Emerson OpenBSI (engineering environment for ControlWave/Bristol Babcock RTUs) through 2022-04-29. The root cause is the use of DES with hardcoded cryptographic keys to protect system credentials, engineering files, and sensitive utilities. Exploitation requires local acces...
Oracle Linux 8 : ol8addon (ELSA-2022-17957)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17957 advisory. - Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larg...
Siemens SICAM MMU, SICAM T, and SICAM SGU Authentication Bypass By Capture-Replay (CVE-2020-10045)
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. This plugin onl...
Siemens SICAM A8000 RTUs Protection Mechanism Failure (CVE-2020-28396)
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position...
CVE-2021-22816
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334...
Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks
As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. "Successful exploitation of these vulnerabilities...
CVE-2020-15781
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser,...
CVE-2020-15781
CVE-2020-15781 affects Siemens SICAM A8000 SICAM WEB firmware prior to version 05.30. The login page fails to adequately sanitize input, allowing an attacker to generate specially crafted log messages that, when viewed in a browser, may be interpreted and executed as code (XSS). Impacted product:...
Operational Technology Networks or OT
Operational Technology Networks or OT Notes: It’s mixing up OT with maritime, so probably isn’t suitable as is. The first section is really good, very relevant. We can use all of that. Once we get into NMEA data, then it goes off topic. I suggest: Network equipment such as the Scalance Then a...