CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated...

CVE-2024-41927

The CVE-2024-41927 entry covers a cleartext transmission of sensitive information in multiple IDEC PLCs (CWE-319). Affected products include IDEC’s FC6A/FC6B MICROSmart modules (various firmware versions) and FT1A/FT1B lines, with specific version ceilings noted in vendor advisories. The root cau...

CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated...

CVE-2023-52488 serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from raw to noinc regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent $00, followed by all the FIFO data without having to...

CVE-2022-2003 AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...

AutomationDirect DirectLOGIC with Serial Communication

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Serial Communication Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original...

UVI-2021-1001277 tty: serial: 8250: serial_cs: Fix a memory leak in error handling path

tty: serial: 8250: serialcs: Fix a memory leak in error handling path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.52 by commit...

Bluefin (Ingenico) IPP320 failing to communicate with Sage Exchange Desktop via ICA Channel Serial COM Port

Serial COM port redirected device Bluefin Ingenico IPP320 with encryption, fails to complete the communication with the Sage Payment Solutions...

A for TP-Link debug Protocol TDDP）vulnerability Mining the story-vulnerability warning-the black bar safety net

I wrote this article originally in order to simplify the WiFi penetration testing research work. We want to use last year by the Core Security released WIWO, it can be a computer network interface and a WiFi Router between the establishment of a transparent channel. Research the first step is to...