Lucene search

46 matches found

Exploit DB
added 2026/04/30 12:0 a.m. | 42 views

FUXA 1.2.8 - Authentication Bypass + RCE Exploit

Exploit Title: FUXA 1.2.8 - Authentication Bypass + RCE Exploit Date: 2026-02-25 Exploit Author: Joshua van der Poll https://github.com/joshuavanderpoll/ Software Link: https://github.com/frangoteam/FUXA/tree/v1.2.8 Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA 1.2.8. Do not u...

CVSS 9.8 | AI score 5.2 | EPSS 0.01745
Exploits: 7

Snyk
added 2026/02/05 12:27 a.m. | 2 views

Improper Authentication

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Improper Authentication via the authentication process. An attacker can gain administrative access and execute arbitrary code by bypassing authentication...

CVSS 10 | AI score 6.2 | EPSS 0.00146
Exploits: 0 | References: 3

ICS
added 2022/06/21 12:0 a.m. | 106 views

Siemens WinCC OA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC OA Vulnerability: Use of Client-side Authentication CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...

CVSS 9.8 | AI score 10 | EPSS 0.00409
Exploits: 0 | References: 11

ICS
added 2021/11/09 12:0 a.m. | 123 views

Siemens SIMATIC WinCC (Update E)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 9.9 | AI score 7.5 | EPSS 0.00695
Exploits: 0 | References: 12

OSV
added 2018/10/25 10:29 p.m. | 2 views

CVE-2018-17904

Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code...

CVSS 6.1 | AI score 5.9 | EPSS 0.0018
Exploits: 0 | References: 2

Cvelist
added 2018/10/25 10:0 p.m. | 11 views

CVE-2018-17904

Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code...

AI score 6.2 | EPSS 0.0018
Exploits: 0 | References: 2

ICS
added 2018/08/23 12:0 p.m. | 18 views

7-Technologies IGSS Denial of Service (Update A)

Overview ICS-CERT has become aware of multiple denial-of-service DoS vulnerabilities in the 7-Technologies 7T Interactive Graphical SCADA System IGSS supervisory control and data acquisition SCADA human-machine interface HMI application. All vulnerabilities are remotely exploitable. 7T has...

AI score 7.7
Exploits: 0 | References: 21

CNVD
added 2018/01/03 12:0 a.m. | 2 views

Information Disclosure Vulnerability in Taiwan Tibbo Group AggreGate SCADA-HMI Industrial Software

AggreGate SCADA/HMI is a system for visualizing and operating processes, production flows, machines and equipment. It is a multi-user distributed solution that provides monitoring and surveillance for many industries. An information disclosure vulnerability exists in Taiwan Tibbo Group's AggreGat...

AI score 6.5
Exploits: 0

ICS
added 2017/12/19 12:0 a.m. | 49 views

Ecava IntegraXor

CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ecava Equipment: IntegraXor Vulnerabilities: SQL Injection AFFECTED PRODUCTS The following version of IntegraXor, a web SCADA/HMI solution, is affected: Ecava IntegraXor v 6.1.1030.1 and prior. IMPACT Successful...

CVSS 5.3 | AI score 6.1 | EPSS 0.0016
Exploits: 0 | References: 3

0day.today
added 2017/11/01 12:0 a.m. | 79 views

Progea Movicon 11.5.1181 Search Path Issues Vulnerability

Progea Movicon versions 11.5.1181 and below suffer from search path related vulnerabilities. Vendor: Progea Equipment: Movicon SCADA/HMI Vulnerability: Uncontrolled Search Path Element, Unquoted Search Path or Element Advisory URL...

CVSS 4.6 | AI score 7.2 | EPSS 0.00328
Exploits: 2

Packet Storm
added 2017/10/31 12:0 a.m. | 90 views

Progea Movicon 11.5.1181 Search Path Issues

Vendor: Progea Equipment: Movicon SCADA/HMI Vulnerability: Uncontrolled Search Path Element, Unquoted Search Path or Element Advisory URL https://ipositivesecurity.com/2017/10/28/ics-progea-movicon-scadahmi-vulnerabilities/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01...

AI score 7.1 | EPSS 0.00328
Exploits: 2

ICS
added 2017/06/20 12:0 a.m. | 32 views

Ecava IntegraXor

CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following versions of IntegraXor, a web SCADA/HMI solution, are affected: IntegraXor Versions 5.2.1231.0 and prior. IMPACT Successful...

CVSS 9.8 | AI score 10 | EPSS 0.01189
Exploits: 0 | References: 3

0day.today
added 2015/12/08 12:0 a.m. | 48 views

GEOVAP Reliance 4 Control Server Privilege Escalation Vulnerability

GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized but non-privileged local user to...

AI score 7.6
Exploits: 0

Zero Science Lab
added 2015/12/07 12:0 a.m. | 41 views

GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege

Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...

AI score 6.2
Exploits: 0

ICS
added 2015/12/04 7:0 a.m. | 35 views

MICROSYS PROMOTIC Stack Buffer Overflow

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. MICROSYS, spol. s r.o. has produced a new version that mitigates this vulnerability. This vulnerability could be...

CVSS 7.5 | AI score 6.8 | EPSS 0.04557
Exploits: 0 | References: 10

Zero Day Initiative
added 2015/11/20 12:0 a.m. | 35 views

Tibbo AggreGate SCADA/HMI Server Service uploadDirectory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tibbo AggreGate SCADA/HMI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Windows service "AggreGate Server Service" agserverservice.exe. Through...

CVSS 9.3 | AI score 7.3 | EPSS 0.00617
Exploits: 0 | References: 1

CNVD
added 2015/08/22 12:0 a.m. | 2 views

KAKO HMI Hardcoded Password Security Bypass Vulnerability

KAKO HMI is a Scada HMI. The KAKO HMI has a built-in hard-coded password that allows a remote attacker to exploit a vulnerability to bypass authentication mechanisms and gain access to affected devices...

AI score 7.4
Exploits: 0 | References: 1

myhack58
added 2014/12/18 12:0 a.m. | 22 views

Industrial safety: BlackEnergy(dark)the use of the Siemens WinCC system has been repaired loopholes to launch attacks-vulnerability warning-the black bar safety net

Researchers recently found that the malware BlackEnergy(dark forces are using Siemens SIMATIC WinCC(Siemens the most classic process monitoring system has been repaired loopholes to re-attack the SCADA HMI system. ! Comeback: the BlackEnergy then update the BlackEnergy(dark)is an automated networ...

AI score 2.7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 32 views

Sielco Sistemi Winlog <= 2.07.16 Buffer Overflow

No description provided by source. !/usr/bin/ruby Exploit Title: Sielco Sistemi Winlog Buffer Overflow = v2.07.16 Date: 05.06.2012 Exploit Author: m1k3 Vendor Homepage: http://www.sielcosistemi.com/en/download/public/winloglite.html Software Link:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

progea movicon / powerhmi <= 11.2.1085 - Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Progea Movicon / PowerHMI http://www.progea.com Versions: = 11.2.1085 Platforms: Windows Bug: memory corruption Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction ...

AI score 7.1
Exploits: 0