Lucene search
K

47 matches found

ATTACKERKB
ATTACKERKB
added 2022/07/26 10:15 p.m.1 views

CVE-2022-29951

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol configurable on ports 1024-65534 on either TCP or UDP for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing...

9.1CVSS7.2AI score0.00982EPSS
Exploits0References3
0day.today
0day.today
added 2022/03/10 12:0 a.m.405 views

Siemens S7-1200 - Unauthenticated Start / Stop Command Vulnerability

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -H $'Host: ' -H...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/10 12:0 a.m.369 views

Siemens S7-1200 - Unauthenticated Start/Stop Command

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Date: 09/03/2022 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -...

0.2AI score
Exploits0
OSV
OSV
added 2021/10/22 12:15 p.m.6 views

CVE-2021-38481

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

9.8CVSS5.9AI score0.00943EPSS
Exploits0References1
Prion
Prion
added 2021/10/22 12:15 p.m.28 views

Spoofing

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

7.5CVSS9.7AI score0.00943EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/11 12:0 a.m.4 views

PT-2021-7667 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier Description: The issue is related to the use of hard-coded credentials in Adobe ColdFusion, which could result in application denial-of-service by gaining access to...

7.5CVSS7.2AI score0.44021EPSS
Exploits0References6
OSV
OSV
added 2020/09/09 7:15 p.m.4 views

CVE-2020-10049

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.10.2. The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system...

7.3CVSS7.1AI score0.0026EPSS
Exploits0References1
Prion
Prion
added 2020/09/09 7:15 p.m.15 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.10.2. The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system...

4.4CVSS7.1AI score0.0026EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/05/15 12:0 a.m.3 views

Opto 22 SoftPAC Project Access Control Error Vulnerability

Opto 22 SoftPAC Project is an automation software suite from Opto 22 USA. The product is capable of providing industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. An Access Control Error vulnerability exists in Opto 22 SoftPAC Projec...

9.1CVSS7.1AI score0.01074EPSS
Exploits0References1
ICS
ICS
added 2020/03/03 12:0 a.m.74 views

ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.4CVSS9.5AI score0.01846EPSS
Exploits0References2
OSV
OSV
added 2019/10/24 4:15 p.m.5 views

CVE-2019-5013

An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this...

7.8CVSS5.9AI score0.00597EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/26 12:0 a.m.4 views

Siemens SIMATIC S7-300 PLC Privilege Bypass Vulnerability

The Siemens SIMATIC S7-300 CPU is a modular general-purpose controller from Siemens for the manufacturing industry. The Siemens SIMATIC S7-300 PLC module is vulnerable to an unauthorized, execute CPU attack via privilege bypass. An attacker can construct special application layer data messages th...

7.3AI score
Exploits0
CNVD
CNVD
added 2019/07/11 12:0 a.m.2 views

Privilege Bypass Vulnerability in Schneider Electric P3420 PLC Module

Schneider Electric Modicon M340 PLC is a programmable controller product of Schneider Electric France. A privilege bypass vulnerability exists in the Schneider Electric P3420 PLC module. An attacker can cause the PLC to start and stop by constructing PLC start-stop data messages using private...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/04/30 12:0 a.m.17 views

PT-2019-16789 · Crestron · Crestron Am-100 +1

Name of the Vulnerable Software and Affected Versions: Crestron AM-100 version 1.6.0.2 Crestron AM-101 version 2.7.0.2 Description: The issue allows a remote, unauthenticated attacker to act as a moderator for a slide show by sending crafted HTTP POST requests to the "conference.cgi" endpoint. Th...

9.1CVSS9.2AI score0.03334EPSS
Exploits1References2
CNVD
CNVD
added 2018/04/12 12:0 a.m.5 views

Remote Control Vulnerability in MAC1100 PLCs

The MAC1100 PLC Programmable Logic Controller PLC is a product in the Dalian Computer Control DCCE Programmable Logic Controller PLC series. A remote control vulnerability exists in the MAC1100 PLC. An attacker can use the vulnerability to remotely and directly control the start and stop of the...

7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/03/19 2:29 a.m.32 views

CVE-2017-18240

The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL when the service is...

5.5CVSS6.5AI score0.00374EPSS
Exploits0References1
Kitploit
Kitploit
added 2018/02/03 1:0 p.m.31 views

ICMPExfil - Exfiltrate data with ICMP

ICMP Exfil allows you to transmit data via valid ICMP packets. You use the client script to pass in data you wish to exfiltrate, then on the device you're transmitting to you run the server. Anyone watching-- human or security system-- will just see valid ICMP packets, there's nothing malicious...

7AI score
Exploits0References1
CNVD
CNVD
added 2017/08/04 12:0 a.m.6 views

Siemens 300/400 Series PLC Remote Control Vulnerability

Programmable controller PLC is developed on the basis of relay control and computer control, and gradually developed into a new type of industrial automatic control device based on microprocessor and integrating modern technologies such as computer technology, automatic control technology and...

7AI score
Exploits0References1
0day.today
0day.today
added 2015/12/14 12:0 a.m.42 views

Siemens Simatic S7 1200 CPU Command Module (MSF) Exploit

Exploit for hardware platform in category remote exploits Exploit Title: Simatic S7 1200 CPU command module Date: 15-12-2015 Exploit Author: Nguyen Manh Hung Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1214C CVE : None require 'msf/core' class Metasploit3 'Simatic S7-12...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/12/14 12:0 a.m.30 views

Siemens Simatic S7 1200 - CPU Command Module (Metasploit)

Siemens Simatic S7 1200 - CPU Command Module Metasploit Exploit Title: Simatic S7 1200 CPU command module Date: 15-12-2015 Exploit Author: Nguyen Manh Hung Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1214C CVE : None require 'msf/core' class Metasploit3 'Simatic S7-1200...

7.5AI score
Exploits0
Rows per page
Query Builder