EUVD-2022-24503

Malicious code in bioql PyPI...

EUVD-2023-12816

Malicious code in bioql PyPI...

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration...

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...

CVE-2022-49840 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()

In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Fix alignment problem in bpfprogtestrunskb We got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is an odd number, like 399, 407, etc, it will cause the...

CVE-2024-33687

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration...

CVE-2024-33687

CVE-2024-33687 concerns Omron NJ/NX series CPU units (all versions) with an insufficient verification of data authenticity (CWE-345). The issue allows altered user programs to potentially go undetected. Root cause is improper verification of data authenticity in affected devices. Impact notes fro...

CVE-2022-1161 ICSA-22-090-05 Rockwell Automation Logix Controllers

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...

CVE-2022-1161

CVE-2022-1161 affects Rockwell Automation’s Logix platforms (ControlLogix, CompactLogix, GuardLogix) via Studio 5000 Logix Designer. The root cause is that Studio 5000 writes user‑readable program code to a separate location from the executed compiled code, enabling an attacker to modify one copy...

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

Siemens SIMATIC S7-1200 and S7-1500 CPU Families Missing Support For Integrity Check (CVE-2019-10943)

An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the...

Siemens SIMATIC S7-1200 Improper Privilege Management (CVE-2016-2846)

Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a user program block protection mechanism via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable...

CVE-2021-37401

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVE-2021-37400

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVE-2021-37401

IDEC PLCs are affected by CVE-2021-37401 (Plaintext storage of a password). The trusted‑credentials leakage occurs when an attacker obtains user credentials from file servers, backup repositories, or ZLD files saved on SD cards, enabling unauthorized PLC program upload/alteration/download. The jo...

Siemens Simatic Improper Access Control

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = 20.8, SIMATIC ET200SP incl. SIPLUS variants Open Controller CPU 1515SP PC All versions,...

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...

Code injection

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...