B&R Industrial Automation Security Vulnerabilities

Siemens TIA Administrator Detection

The remote host is running Siemens TIA (Totally Integrated Automation) Administrator. This software is used to manage Siemens TIA...

CVE-2023-37305

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public...

CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

Security Bulletin: IBM Event Streams are vulnerable in terms of both confidentiality and integrity. (CVE-2024-20918, CVE-2024-20926, CVE-2024-20952).

Summary IBM Event Streams are vulnerable in terms of both confidentiality and integrity. Multiple Java components within IBM Event Streams are susceptible to these vulnerabilities, enabling remote attackers to execute malicious actions through these components. Vulnerability Details ** CVEID:...

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

**Check Point Security Gateway RCE Exploit Tool...

Propovoice CRM <= 1.7.6.2 - Unauthenticated Stored Cross-Site Scripting

Description The Propovoice CRM – Best CRM & Invoicing Plugin to Manage Leads, Clients and Billings automation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.6.2 due to insufficient input sanitization and output escaping. This makes it...

Siemens SIMATIC WinCC (TIA Portal) Detection

Siemens SIMATIC WinCC Totally Integrated Automation Portal (TIA Portal) is installed on the remote Windows host. This software is commonly used for engineering SIMATIC S7 programmable logic...

changedetection 0.45.20 Remote Code Execution Exploit

...

CVE-2023-38122

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this....

CVE-2023-45674

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information...

CVE-2021-42048

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero...

CVE-2021-42049

An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows oversighters to whitewash...

Oracle Web Determinations Detection

The remote web server hosts Oracle Web Determinations, a web-based interactive assessment system that is a component of Oracle Policy...

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....

Siemens SIMATIC STEP 7 (TIA Portal) Detection

Siemens SIMATIC STEP 7 Totally Integrated Automation Portal (TIA Portal) is installed on the remote Windows host. This software is commonly used for engineering SIMATIC S7 programmable logic...

Exploit for Command Injection in Tp-Link Tapo C200 Firmware

TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)...

CVE-2021-42045

An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a...

Operating System (OS) Detection (SNMP)

SNMP sysDescr based Operating System (OS)...

MovableType - Remote Command Injection

MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via...

Rockwell Automation MicroLogix 1100 PLC < Series B FRN 12.0 MitM Replay Authentication Bypass

The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 12.0. It is, therefore, affected by an authentication bypass vulnerability due to a failure to properly restrict session replays. A man-in-the-middle attacker via HTTP traffic can....

CVE-2023-35946

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write....

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...

changedetection &lt; 0.45.20 - Remote Code Execution (RCE)

...

changedetection 0.45.20 Remote Code Execution

...

CVE-2024-28830

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions &lt;2.3.0p7, &lt;2.2.0p28, &lt;2.1.0p45 and &lt;=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358 An Vulnerability detection and Mass...

Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

Ivanti EPM Cloud Services Appliance Code Injection

Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions...

StruxureWare SCADA Expert ClearSCADA Detection

StruxureWare SCADA Expert ClearSCADA (formerly Schneider Electric ClearSCADA), a suite of tools targeting factory and process automation solutions, is installed on the remote Windows...

CVE-2024-34707

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text...

CVE-2023-50232

Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the...

Siemens SIMATIC TIA Portal Detection

The remote host is running Siemens SIMATIC TIA (Totally Integrated Automation) Portal. This software is commonly used for engineering SIMATIC S7 programmable logic...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses...

Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port...

Loxone Smart Home Miniserver Web Server Version Detection

The remote device is a Loxone Smart Home Miniserver, a home automation solution. Nessus was able to extract the version from the web sever's...

WordPress BulletProof Security 5.1 Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....

Exploit for Code Injection in Vmware Spring Framework

Spring Core RCE/CVE-2022-22965 影响范围：JDK&gt;=9...

Exploit for Improper Authentication in Fit2Cloud Jumpserver

blackjump 中文 |...

Exploit for Improper Authentication in Fit2Cloud Jumpserver

blackjump 中文 |...

Siemens Web Server Login Page of Industrial Controllers Cross-Site Request Forgery (CVE-2022-30694)

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross- site request forgery attack. This plugin only works with Tenable.ot. Please visit...

CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

Jenkins LTS < 2.277.2 / Jenkins weekly < 2.287 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.277.2 or Jenkins weekly prior to 2.287. It is, therefore, affected by multiple vulnerabilities: Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not...

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

CVE-2024-4563

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.....

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

Exploit for Command Injection in Tp-Link Archer Ax21 Firmware

Description CVE-2023–1389 is an Unauthenticated Command...