91 matches found
PT-2022-3094 · Omron · Sysmac Studio +1
Name of the Vulnerable Software and Affected Versions: Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 Description: The issue is related to the lack of cryptographic authentication in the Omron SYSMAC Nx product family PLCs. This allows an...
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series Cleartext Transmission of Sensitive Information (CVE-2022-31204, CVE-2022-31207)
The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...
PT-2022-3476 · Omron · Sysmac Studio +4
Name of the Vulnerable Software and Affected Versions: Machine automation controller NJ series versions 1.48 and earlier Machine automation controller NX7 series versions 1.28 and earlier Machine automation controller NX1 series versions 1.48 and earlier Automation software 'Sysmac Studio' versio...
APT Cyber Tools Targeting ICS/SCADA Devices
Summary Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-uniqu...
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system ICS devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...
[NB07-17] Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server
Multiple vulnerabilities in Takebishi Electric DeviceXplorer SYSMAC OPC server ============================================================================ == OPC servers provide a standard way to interoperate automation and control systems, bridging data from several industrial protocols such as...
Takebishi Electric DeviceXPlorer OPC服务器远程代码执行漏洞
OPC OLE for Process Control 是一款为保证工业软件和设备的互联性而制订的程序接口国际标准。 Takebishi Electric DeviceXPlorer OPC服务器存在设计错误,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 通过OPCDA接口,可导致在OPC Server上访问任意内存,可导致执行任意指令。如下版本的DeviceXPlorer OPC Server受此漏洞影响: DeviceXPlorer MELSEC OPC Server DeviceXPlorer SYSMAC OPC Server DeviceXPlorer FA-M3 O...
CVE-2007-1319
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...
Code injection
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...
CVE-2007-1319
The CVE refers to an arbitrary code execution vulnerability in the Takebishi DeviceXPlorer OPC Server family (HIDIC, SYSMAC, MELSEC, FA-M3, MODBUS) via the OPC DA interface. The issue stems from the server implementation of the IOPCServer::RemoveGroup method, which can access arbitrary memory and...
CVE-2007-1319
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...