The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation allows a perpetrator to execute arbitrary code.

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SPP file...

Fuji Electric TELLUS/TELLUS Lite Out-of-Bounds Read Vulnerability (CNVD-2025-16533)

Fuji Electric TELLUS and Fuji Electric TELLUS Lite are both products of Fuji Electric, Japan.Fuji Electric TELLUS is a specialized software for advanced features, user-friendliness and remote control.Fuji Electric TELLUS Lite is a remote control software. Fuji Electric TELLUS and Fuji Electric...

PT-2023-4020 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation V2201 versions prior to V2201.0008 Tecnomatix Plant Simulation V2302 versions prior to V2302.0002 Description: A heap-based buffer overflow vulnerability has been identified in the affected application while parsin...

cancelUnstake lack payoutRewards before mint shares

Lines of code Vulnerability details cancelUnstake will cancel the withdrawal request in the queue can mint shares as the current stakeRate. But it doesn't payoutRewards before mintStakes. Therefor it will mint stRsr as a lower rate, which means it will get more rsr. Impact Withdrawers in the...

PT-2023-6479 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0008 Tecnomatix Plant Simulation versions prior to V2302.0002 Description: A vulnerability has been identified in the affected application, which contains an out of bounds write past the end...

(Pwn2Own) Prosys OPC UA Simulation Server OpenSecureChannel Resource Exhaustion Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OpenSecureChannel messages. By sending a...

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY , adding it was uploaded to the VirusTotal public malware scanning utility i...

PT-2023-4018 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0008 Tecnomatix Plant Simulation versions prior to V2302.0002 Description: The issue is related to a stack-based buffer overflow in the affected application when parsing specially crafted SP...

PT-2023-4021 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation V2201 versions prior to V2201.0008 Tecnomatix Plant Simulation V2302 versions prior to V2302.0002 Description: A type confusion vulnerability has been identified in the affected application while parsing STP files...

PT-2023-4072 · Siemens · Tecnomatix Plant Simulation

Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0008 Tecnomatix Plant Simulation versions prior to V2302.0002 Description: The issue is related to a stack-based buffer overflow in the affected application when parsing specially crafted ST...

Zero Trust + Deception: Join This Webinar to Learn How to Outsmart Attackers!

Cybersecurity is constantly evolving, but complexity can give hostile actors an advantage. To stay ahead of current and future attacks, it's essential to simplify and reframe your defenses. Zscaler Deception is a state-of-the-art next-generation deception technology seamlessly integrated with the...

Zero Trust + Deception: Join This Webinar to Learn How to Outsmart Attackers!

Cybersecurity is constantly evolving, but complexity can give hostile actors an advantage. To stay ahead of current and future attacks, it's essential to simplify and reframe your defenses. Zscaler Deception is a state-of-the-art next-generation deception technology seamlessly integrated with the...

(Pwn2Own) Prosys OPC UA Simulation Server Resource Exhaustion Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of message chunks. By sending a large number ...

Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2023-49821)

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to submit...

Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2023-49823)

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to execute...

Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to remotely...

Rockwell Automation Arena Simulation Software

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Simulation Software Vulnerabilities: Incorrect Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of the banking analytics system’s simulation model. This vulnerability allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of a bank analytics system’s simulation model involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain...

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...