The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions, enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration.
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP. This issue affects all firmware versions with the Serial Number from 2000 to 5166.
An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.
Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
Default Credential vulnerabilities allow access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Absolute File Traversal vulnerabilities allow access and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to execute arbitrary code remotely.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to access files without authorization.
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclosure of or tampering with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely.
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device.
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system.
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier.
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.
A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements.
A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements.
A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in FactoryTalk AssetCentre.
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endpoints that deserialize untrusted data without sufficiently verifying that the resulting data will be valid. This vulnerability may allow a remote, unauthenticated attacker to gain full access to the FactoryTalk AssetCentre main server and all agent machines.
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
In multiple managed switches by WAGO, in different versions, it is possible to create users without authorization using specially crafted packets.
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly.
The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. A user is able to execute arbitrary OS commands on the server.
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were intended to require approval. Only an exact string such as --compress-program was denied.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09. Honeywell also recommends updating to the most recent version of this product.
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send a diagnostic script while authenticated as a low-privilege user to trigger this vulnerability.
Delta Electronics COMMGR2 has a Stack-based Buffer Overflow vulnerability.
An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Delta Electronics DIAView has multiple vulnerabilities.
Delta Electronics DIAView has multiple vulnerabilities.
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges.
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords.
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of-service condition on the product.
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings. This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user.
A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages.
An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application.
Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point.
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation.
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation.
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation.
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation.
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "cfg_cmd_set_eth_conf" operation.
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication.
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten.
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injection and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.
The FTP server used on the B&R Automation Runtime supports insecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M to 1.626C, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute malicious code by RPC with a path to a malicious library while connected to the products.
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device.
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.
Weintek EasyBuilder Pro contains a vulnerability in which, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
A buffer overflow vulnerability exists in select Rockwell Automation 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to the device.
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to an improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning.
Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning.
Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation. See Honeywell Security Notification for recommendations on upgrading and versioning.
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.
Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement the FINS protocol contain the following security issues: (1) plaintext communication, and (2) no authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later).
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. The service accepts unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CWE-306: Missing Authentication for Critical Function. The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the firmware, causing a denial-of-service (DoS) condition, and/or arbitrary code execution.
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). A wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric advisory listed in the [References] section.
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution.
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication. This function allows the user to designate all function arguments and the file to be executed. This could allow the attacker to start any new process and achieve remote code execution.
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service.
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell FSC runtime (FSC-CPU, QPP), Honeywell Safety Builder. The potential impact is: Remote Code Execution, Denial of Service. The Honeywell Experion PKS Safety Manager family of safety controllers utilize the unauthenticated Safety Builder protocol (FSCT-2022-0051) for engineering purposes, including downloading projects and control logic to the controller. Control logic is downloaded to the controller on a block-by-block basis. The logic that is downloaded consists of FLD code compiled to native machine code for the CPU module (which applies to both the Safety Manager and FSC families). Since this logic does not seem to be cryptographically authenticated, it allows an attacker capable of triggering a logic download to execute arbitrary machine code on the controller's CPU module in the context of the runtime. While the researchers could not verify this in detail, the researchers believe that the microprocessor underpinning the FSC and Safety Manager CPU modules is incapable of offering memory protection or privilege separation capabilities which would give an attacker full control of the CPU module. There is no authentication on control logic downloaded to the controller. Memory protection and privilege separation capabilities for the runtime are possibly lacking. The researchers confirmed the issues in question on Safety Manager R145.1 and R152.2 but suspect the issue affects all FSC and SM controllers and associated Safety Builder versions regardless of software or firmware revision. 
An attacker who can communicate with a Safety Manager controller via the Safety Builder protocol can execute arbitrary code without restrictions on the CPU module, allowing for covert manipulation of control operations and implanting capabilities similar to the TRITON malware (MITRE ATT&CK software ID S1009). A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position.
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter.
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the Sysmac Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS.
Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, and Mitsubishi Electric MC Works64 versions 4.04E and prior allows a remote unauthenticated attacker to execute arbitrary malicious code by sending specially crafted packets to the GENESIS64, ICONICS Suite, GENESIS32, or MC Works64 server.
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the specified password is compared to the real CODESYS Gateway password. An attacker may perform authentication by specifying a small password that matches the corresponding part of the longer real CODESYS Gateway password.
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved.
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI versions 10.95.3 to 10.97 allows a remote unauthenticated attacker to bypass the authentication of MC Works64, GENESIS64, Hyper Historian, AnalytiX and MobileHMI, and gain unauthorized access to the products, by sending specially crafted WebSocket packets to FrameWorX server, one of the functions of the products.
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords.
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter agid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter type before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.
Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
Advantech Spectre RT ERT351 Versions 5.1.3 and prior have insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force password attack.
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800.
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior.
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior.
The IRC5 family with UAS service enabled comes by default with credentials that can be found in publicly available manuals. ABB considers this a well-documented functionality that helps customers set up; however, in our research, we found multiple production systems running these exact default credentials and thereby consider this an exposure that should be mitigated. Moreover, future deployments should consider that these defaults should be forbidden (the user should be forced to change them).
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors.
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer.
Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem.
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may execute arbitrary code or target the device, causing it to go out of service.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
In all versions of Rockwell Automation FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at tcp/8082, which can insecurely deserialize untrusted data.
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior: the cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller.
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to bypass access restriction and to stop the network functions or execute malware via a specially crafted packet.
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier does not properly manage sessions, which allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service "I/O-Check" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware version 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
An exploitable stack buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12) and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability.
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device.
CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Buffer Overflow.
Honeywell equIP series and Performance series IP cameras and recorders: a vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability, as a weak authentication method is retained for compatibility with legacy products.
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution.
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All variants of the following CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control V3 Runtime System Toolkit, CODESYS Gateway V3, CODESYS V3 Development System.
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.
A memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.
There is memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prior, a different vulnerability than CVE-2018-11423.
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3.
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET.
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key.
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access.
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control.
A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition.
The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the product’s configuration or program. When applicable, upgrade product firmware to a version that includes enhanced security functionality compatible with Rockwell Automation's FactoryTalk Security services.
Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials.
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects, including conducting device resets, reading or modifying registers, and changing configuration settings such as IP addresses.
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
In Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, and FCN-500, all versions R4.10 and prior, the web application improperly protects credentials, which could allow an attacker to obtain credentials for remote access to controllers.
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC.
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in the CGI program "set".
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash.
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash.
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without authentication.
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using an HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. In the default device configuration, SSL is not enabled in the settings, and on multiple requests of the page "Access Control" (IP-address device/ups/pas_cont.htm), account data will be sent in cleartext.
An authorization bypass vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get full access to the device, bypassing the authorization system.
Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow an attacker to cause a denial-of-service, or to read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.
A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because of the use of hardcoded credentials.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.3.X and 2.4.X. An attacker can execute different unauthenticated remote operations because of the CoDeSys Runtime application, which is available via network by default on Port 2455. An attacker could execute some unauthenticated commands such as reading, writing, or deleting arbitrary files, or manipulate the PLC application during runtime by sending specially-crafted TCP packets to Port 2455.
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password.
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests that bypass web-service authentication, allowing the attacker to obtain administrative privileges on the device.
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in an insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The vulnerability may allow remote code execution with high privileges.
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with network access to the SiPass integrated server to bypass the authentication mechanism and perform administrative operations.
A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The vulnerability may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.
An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval.
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.
An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. A successful attack could result in administrative access to the application and its data files.
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 15.000 and B before 15.002 allows remote attackers to execute arbitrary code via a crafted web request.
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
Web browser interface may manipulate application username/password in clear text or Base64 encoding, providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to take control via access to the local KNX Bus-System.
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords. This issue affects RCCMD: before 4.40 230207.
The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.
Weak Password Reset Rules vulnerabilities were found, providing a potential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Rockwell Automation was made aware that Kinetix 5500 drives manufactured between May 2022 and January 2023 and running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports.
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, an XML External Entity Injection vulnerability exists that allows an attacker to read or call arbitrary files from the license server and/or from the network and also block the license handling.
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder.
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to capture/replay KNX telegrams to the local KNX Bus-System.
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product must be reset for recovery.
Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not.
An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters.
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.065T allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service.
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining credentials when registering user information in the target or changing a password.
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
On WAGO PFC200 devices in different firmware versions, an authorised attacker with network access to the device can use specially crafted packets to access the file system with higher privileges.
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO 750-862, WAGO 750-891, WAGO 750-890/xxx-xxx in versions FW03 and prior versions.
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges.
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.02(14), 03.01.07(13), and 03.00.39(12). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node.
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.
An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability.
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system files due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'.
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.
An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating.
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Cross Site Scripting vulnerabilities were found, providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
A vulnerability in the ABB ARG600 Wireless Gateway series could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration.
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.
| CVE ID | Severity | Description | |
|---|---|---|---|
| CVE-2026-3611 | CRITICAL | The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentica… | › |
| CVE-2025-9574 | CRITICAL | Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP… | › |
| CVE-2025-3450 | CRITICAL | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions b… | › |
| CVE-2025-58321 | CRITICAL | Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. | › |
| CVE-2024-51555 | CRITICAL | Default Credential vulnerabilities allow access to an Aspect device using publicly available defaul… | › |
| CVE-2024-51551 | CRITICAL | Default Credential vulnerabilities in ASPECT on Linux allow access to the product using publicly av… | › |
| CVE-2024-51550 | CRITICAL | Data Validation / Data Sanitization vulnerabilities in Linux allow unvalidated and unsanitized dat… | › |
| CVE-2024-51549 | CRITICAL | Absolute File Traversal vulnerabilities allow access and modification of un-intended resources. A… | › |
| CVE-2024-51545 | CRITICAL | Username Enumeration vulnerabilities allow access to application level username add, delete, modify … | › |
| CVE-2024-48840 | CRITICAL | Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - … | › |
| CVE-2024-48839 | CRITICAL | Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPE… | › |
| CVE-2024-11317 | CRITICAL | Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login pr… | › |
| CVE-2024-6298 | CRITICAL | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 … | › |
| CVE-2024-6209 | CRITICAL | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 … | › |
| CVE-2023-4699 | CRITICAL | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC… | › |
| CVE-2023-3572 | CRITICAL | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated … | › |
| CVE-2023-1424 | CRITICAL | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi E… | › |
| CVE-2021-38397 | CRITICAL | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file up… | › |
| CVE-2021-27446 | CRITICAL | The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated rem… | › |
| CVE-2021-27476 | CRITICAL | A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for … | › |
| CVE-2021-27474 | CRITICAL | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functi… | › |
| CVE-2021-27472 | CRITICAL | A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation Fac… | › |
| CVE-2021-27470 | CRITICAL | A deserialization vulnerability exists in how the LogService.rem service in Rockwell Automation Fact… | › |
| CVE-2021-27468 | CRITICAL | The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes… | › |
| CVE-2021-27466 | CRITICAL | A deserialization vulnerability exists in how the ArchiveService.rem service in Rockwell Automation … | › |
| CVE-2021-27464 | CRITICAL | The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exp… | › |
| CVE-2021-27462 | CRITICAL | A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation Fact… | › |
| CVE-2021-27460 | CRITICAL | Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier components contain .NET remoting endp… | › |
| CVE-2021-38454 | CRITICAL | A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 … | › |
| CVE-2021-20998 | CRITICAL | In multiple managed switches by WAGO in different versions without authorization and with specially … | › |
| CVE-2020-14516 | CRITICAL | In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue… | › |
| CVE-2020-12522 | CRITICAL | The reported vulnerability allows an attacker who has network access to the device to execute code w… | › |
| CVE-2017-14459 | CRITICAL | An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login funct… | › |
| CVE-2017-16740 | CRITICAL | A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controll… | › |
| CVE-2016-9343 | CRITICAL | An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.0… | › |
| CVE-2016-8363 | CRITICAL | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Seri… | › |
| CVE-2016-8352 | CRITICAL | An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEF… | › |
| CVE-2012-6069 | CRITICAL | The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which … | › |
| CVE-2026-28363 | CRITICAL | In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long… | › |
| CVE-2025-2605 | CRITICAL | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi… | › |
| CVE-2024-6784 | CRITICAL | Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthori… | › |
| CVE-2024-51548 | CRITICAL | Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB A… | › |
| CVE-2023-3710 | CRITICAL | Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) … | › |
| CVE-2019-5138 | CRITICAL | An exploitable command injection vulnerability exists in encrypted diagnostic script functionality o… | › |
| CVE-2026-3630 | CRITICAL | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | › |
| CVE-2024-55026 | CRITICAL | An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows un… | › |
| CVE-2024-55024 | CRITICAL | An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb… | › |
| CVE-2024-55020 | CRITICAL | A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web … | › |
| CVE-2025-66603 | CRITICAL | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web s… | › |
| CVE-2025-66602 | CRITICAL | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web s… | › |
| CVE-2025-62582 | CRITICAL | Delta Electronics DIAView has multiple vulnerabilities. | › |
| CVE-2025-62581 | CRITICAL | Delta Electronics DIAView has multiple vulnerabilities. | › |
| CVE-2022-50926 | CRITICAL | WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows a… | › |
| CVE-2025-34256 | CRITICAL | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerab… | › |
| CVE-2022-50593 | CRITICAL | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP managem… | › |
| CVE-2022-50591 | CRITICAL | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP managem… | › |
| CVE-2025-3128 | CRITICAL | A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS comman… | › |
| CVE-2025-3699 | CRITICAL | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 a… | › |
| CVE-2025-1863 | CRITICAL | Insecure default settings have been found in recorder products provided by Yokogawa Electric Corpora… | › |
| CVE-2025-3495 | CRITICAL | Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CW… | › |
| CVE-2024-51547 | CRITICAL | Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX S… | › |
| CVE-2025-0498 | CRITICAL | A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation Fact… | › |
| CVE-2025-0497 | CRITICAL | A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation Fact… | › |
| CVE-2025-0477 | CRITICAL | An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation Factor… | › |
| CVE-2024-9140 | CRITICAL | Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical … | › |
| CVE-2024-50375 | CRITICAL | A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devi… | › |
| CVE-2024-50374 | CRITICAL | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')… | › |
| CVE-2024-50373 | CRITICAL | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')… | › |
| CVE-2024-50372 | CRITICAL | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')… | › |
| CVE-2024-50371 | CRITICAL | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')… | › |
| CVE-2024-50370 | CRITICAL | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')… | › |
| CVE-2024-10456 | CRITICAL | Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserializatio… | › |
| CVE-2024-43699 | CRITICAL | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An u… | › |
| CVE-2024-7961 | CRITICAL | A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, th… | › |
| CVE-2024-8255 | CRITICAL | Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote co… | › |
| CVE-2024-7988 | CRITICAL | A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ tha… | › |
| CVE-2024-5989 | CRITICAL | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to… | › |
| CVE-2024-5988 | CRITICAL | Due to an improper input validation, an unauthenticated threat actor can send a malicious message to… | › |
| CVE-2024-39331 | CRITICAL | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it… | › |
| CVE-2024-4609 | CRITICAL | A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could a… | › |
| CVE-2024-3871 | CRITICAL | The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This inte… | › |
| CVE-2024-1917 | CRITICAL | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and … | › |
| CVE-2024-1916 | CRITICAL | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and … | › |
| CVE-2024-1915 | CRITICAL | Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSE… | › |
| CVE-2024-0803 | CRITICAL | Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and … | › |
| CVE-2024-0802 | CRITICAL | Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSE… | › |
| CVE-2024-0323 | CRITICAL | The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as S… | › |
| CVE-2024-21917 | CRITICAL | A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious … | › |
| CVE-2023-6943 | CRITICAL | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in … | › |
| CVE-2023-46141 | CRITICAL | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOE… | › |
| CVE-2023-0757 | CRITICAL | Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PH… | › |
| CVE-2023-47207 | CRITICAL | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthe… | › |
| CVE-2023-39226 | CRITICAL | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthe… | › |
| CVE-2023-5777 | CRITICAL | Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately d… | › |
| CVE-2023-43492 | CRITICAL | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buf… | › |
| CVE-2023-38584 | CRITICAL | In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based bu… | › |
| CVE-2023-5642 | CRITICAL | Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the s… | › |
| CVE-2023-2262 | CRITICAL | A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication d… | › |
| CVE-2023-2071 | CRITICAL | Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies use… | › |
| CVE-2023-2917 | CRITICAL | The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerabi… | › |
| CVE-2023-1437 | CRITICAL | All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers… | › |
| CVE-2023-25770 | CRITICAL | Controller DoS may occur due to buffer overflow when an error is generated in response to a speciall… | › |
| CVE-2023-25178 | CRITICAL | Controller may be loaded with malicious firmware which could enable remote code execution. See Honey… | › |
| CVE-2023-25078 | CRITICAL | Server or Console Station DoS due to heap overflow occurring during the handling of a specially craf… | › |
| CVE-2023-24480 | CRITICAL | Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Securi… | › |
| CVE-2023-23585 | CRITICAL | Experion server DoS due to heap overflow occurring during the handling of a specially crafted messag… | › |
| CVE-2023-3595 | CRITICAL | Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix com… | › |
| CVE-2023-2611 | CRITICAL | Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not availab… | › |
| CVE-2023-27396 | CRITICAL | FINS (Factory Interface Network Service) is a message communication protocol, which is designed to b… | › |
| CVE-2023-1698 | CRITICAL | In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create ne… | › |
| CVE-2023-28697 | CRITICAL | Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user… | › |
| CVE-2023-1140 | CRITICAL | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that coul… | › |
| CVE-2023-1136 | CRITICAL | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker c… | › |
| CVE-2023-1133 | CRITICAL | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which … | › |
| CVE-2023-27855 | CRITICAL | In affected versions, a path traversal exists when processing a message in Rockwell Automation's Th… | › |
| CVE-2022-42971 | CRITICAL | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause rem… | › |
| CVE-2022-42970 | CRITICAL | A CWE-306: Missing Authentication for Critical Function The software does not perform any authentica… | › |
| CVE-2023-22357 | CRITICAL | Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is no… | › |
| CVE-2022-41778 | CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied d… | › |
| CVE-2021-34569 | CRITICAL | In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet conta… | › |
| CVE-2022-33321 | CRITICAL | Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication… | › |
| CVE-2022-41772 | CRITICAL | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives con… | › |
| CVE-2022-41688 | CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication … | › |
| CVE-2022-41657 | CRITICAL | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided dat… | › |
| CVE-2022-40202 | CRITICAL | The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and p… | › |
| CVE-2022-38142 | CRITICAL | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied d… | › |
| CVE-2022-3386 | CRITICAL | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An un… | › |
| CVE-2022-3385 | CRITICAL | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An un… | › |
| CVE-2022-43775 | CRITICAL | The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could all… | › |
| CVE-2022-43774 | CRITICAL | The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that co… | › |
| CVE-2022-30318 | CRITICAL | Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there… | › |
| CVE-2022-30315 | CRITICAL | Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification … | › |
| CVE-2022-31207 | CRITICAL | The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lac… | › |
| CVE-2022-31206 | CRITICAL | The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2… | › |
| CVE-2022-33318 | CRITICAL | Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 1… | › |
| CVE-2022-31806 | CRITICAL | In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is … | › |
| CVE-2022-31802 | CRITICAL | In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the specified passwo… | › |
| CVE-2022-25163 | CRITICAL | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 d… | › |
| CVE-2021-27444 | CRITICAL | The Weintek cMT product line is vulnerable to various improper access controls, which may allow an u… | › |
| CVE-2022-1378 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1377 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1376 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1375 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1374 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1372 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1371 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1370 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1369 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1367 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-1366 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2021-40390 | CRITICAL | An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Se… | › |
| CVE-2021-30064 | CRITICAL | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and … | › |
| CVE-2021-32976 | CRITICAL | Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version … | › |
| CVE-2021-32974 | CRITICAL | Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware vers… | › |
| CVE-2022-27175 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26887 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26836 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26667 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26666 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26514 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26349 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26338 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26069 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26065 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26059 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-26013 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-25980 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-25880 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-25347 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal atta… | › |
| CVE-2022-0923 | CRITICAL | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil… | › |
| CVE-2022-23402 | CRITICAL | The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM… | › |
| CVE-2022-21194 | CRITICAL | The following Yokogawa Electric products do not change the passwords of the internal Windows account… | › |
| CVE-2021-39363 | CRITICAL | Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after … | › |
| CVE-2021-46560 | CRITICAL | The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device … | › |
| CVE-2022-23128 | CRITICAL | Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A … | › |
| CVE-2021-38389 | CRITICAL | Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which m… | › |
| CVE-2021-33023 | CRITICAL | Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which ma… | › |
| CVE-2021-38458 | CRITICAL | A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 … | › |
| CVE-2021-38456 | CRITICAL | A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3… | › |
| CVE-2021-38408 | CRITICAL | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by… | › |
| CVE-2021-34578 | CRITICAL | This vulnerability allows an attacker who has access to the WBM to read and write settings-parameter… | › |
| CVE-2021-38393 | CRITICAL | A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of De… | › |
| CVE-2021-38391 | CRITICAL | A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta … | › |
| CVE-2021-38390 | CRITICAL | A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of De… | › |
| CVE-2021-32983 | CRITICAL | A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta El… | › |
| CVE-2021-32967 | CRITICAL | Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrati… | › |
| CVE-2021-32955 | CRITICAL | Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may all… | › |
| CVE-2021-21805 | CRITICAL | An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-See… | › |
| CVE-2021-33485 | CRITICAL | CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | › |
| CVE-2020-20741 | CRITICAL | Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB… | › |
| CVE-2021-21804 | CRITICAL | A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advante… | › |
| CVE-2021-30193 | CRITICAL | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | › |
| CVE-2021-30192 | CRITICAL | CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | › |
| CVE-2021-30190 | CRITICAL | CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | › |
| CVE-2021-30189 | CRITICAL | CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | › |
| CVE-2021-30188 | CRITICAL | CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | › |
| CVE-2019-18235 | CRITICAL | Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameter… | › |
| CVE-2021-22681 | CRITICAL | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 t… | › |
| CVE-2021-22658 | CRITICAL | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an… | › |
| CVE-2021-22652 | CRITICAL | Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authenticatio… | › |
| CVE-2020-28144 | CRITICAL | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series F… | › |
| CVE-2020-27265 | CRITICAL | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivit… | › |
| CVE-2020-25196 | CRITICAL | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet … | › |
| CVE-2020-25153 | CRITICAL | The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require … | › |
| CVE-2020-23639 | CRITICAL | A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower … | › |
| CVE-2020-16226 | CRITICAL | Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a m… | › |
| CVE-2020-16245 | CRITICAL | Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulner… | › |
| CVE-2020-12007 | CRITICAL | A specially crafted communication packet sent to the affected devices could allow remote code execut… | › |
| CVE-2020-12011 | CRITICAL | A specially crafted communication packet sent to the affected systems could cause a denial-of-servic… | › |
| CVE-2020-10287 | CRITICAL | The IRC5 family with UAS service enabled comes by default with credentials that can be found on publ… | › |
| CVE-2020-14503 | CRITICAL | Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful … | › |
| CVE-2020-14501 | CRITICAL | Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-3… | › |
| CVE-2020-14507 | CRITICAL | Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities th… | › |
| CVE-2020-14505 | CRITICAL | Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in … | › |
| CVE-2020-14497 | CRITICAL | Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vu… | › |
| CVE-2020-5599 | CRITICAL | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version … | › |
| CVE-2020-5595 | CRITICAL | TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version … | › |
| CVE-2020-5594 | CRITICAL | Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulner… | › |
| CVE-2020-12022 | CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerabili… | › |
| CVE-2020-12006 | CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal v… | › |
| CVE-2020-12002 | CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overfl… | › |
| CVE-2020-10638 | CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflo… | › |
| CVE-2019-5620 | CRITICAL | ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication fo… | › |
| CVE-2020-8481 | CRITICAL | For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, … | › |
| CVE-2020-6974 | CRITICAL | Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which all… | › |
| CVE-2020-10245 | CRITICAL | CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer ove… | › |
| CVE-2020-7007 | CRITICAL | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or… | › |
| CVE-2020-6991 | CRITICAL | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an att… | › |
| CVE-2020-6981 | CRITICAL | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system w… | › |
| CVE-2020-6995 | CRITICAL | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or l… | › |
| CVE-2020-6985 | CRITICAL | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or l… | › |
| CVE-2020-6989 | CRITICAL | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or l… | › |
| CVE-2020-6967 | CRITICAL | In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryT… | › |
| CVE-2020-6990 | CRITICAL | Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, … | › |
| CVE-2020-5547 | CRITICAL | Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Elec… | › |
| CVE-2020-5545 | CRITICAL | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware v… | › |
| CVE-2020-5544 | CRITICAL | Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electr… | › |
| CVE-2020-5543 | CRITICAL | TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware v… | › |
| CVE-2020-5542 | CRITICAL | Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU… | › |
| CVE-2019-9099 | CRITICAL | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device… | › |
| CVE-2019-9096 | CRITICAL | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device… | › |
| CVE-2019-9095 | CRITICAL | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device… | › |
| CVE-2020-5531 | CRITICAL | Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller… | › |
| CVE-2015-5628 | CRITICAL | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50… | › |
| CVE-2015-5627 | CRITICAL | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50… | › |
| CVE-2015-5626 | CRITICAL | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50… | › |
| CVE-2019-5082 | CRITICAL | An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functiona… | › |
| CVE-2019-16871 | CRITICAL | Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stati… | › |
| CVE-2019-5079 | CRITICAL | An exploitable heap buffer overflow vulnerability exists in the iocheckd service "I/O-Check" functio… | › |
| CVE-2019-5075 | CRITICAL | An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdeta… | › |
| CVE-2019-5081 | CRITICAL | An exploitable heap buffer overflow vulnerability exists in the iocheckd service ''I/O-Chec'' functi… | › |
| CVE-2019-5074 | CRITICAL | An exploitable stack buffer overflow vulnerability exists in the iocheckd service ''I/O-Check'' func… | › |
| CVE-2019-18257 | CRITICAL | In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow v… | › |
| CVE-2019-18269 | CRITICAL | Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | › |
| CVE-2019-18261 | CRITICAL | In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, al… | › |
| CVE-2019-18259 | CRITICAL | In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof … | › |
| CVE-2019-3951 | CRITICAL | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code o… | › |
| CVE-2019-18250 | CRITICAL | In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected p… | › |
| CVE-2019-18858 | CRITICAL | CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Control runtime systems, has a Bu… | › |
| CVE-2019-18226 | CRITICAL | Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in th… | › |
| CVE-2019-13551 | CRITICAL | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a l… | › |
| CVE-2019-13547 | CRITICAL | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyon… | › |
| CVE-2019-14931 | CRITICAL | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R… | › |
| CVE-2019-14930 | CRITICAL | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R… | › |
| CVE-2019-14929 | CRITICAL | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R… | › |
| CVE-2019-14926 | CRITICAL | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-R… | › |
| CVE-2019-16265 | CRITICAL | CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | › |
| CVE-2019-13548 | CRITICAL | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted… | › |
| CVE-2019-3975 | CRITICAL | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated atta… | › |
| CVE-2019-9010 | CRITICAL | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly veri… | › |
| CVE-2019-10938 | CRITICAL | A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7… | › |
| CVE-2019-10970 | CRITICAL | In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have nev… | › |
| CVE-2018-11425 | CRITICAL | Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 a… | › |
| CVE-2018-11422 | CRITICAL | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration p… | › |
| CVE-2018-11421 | CRITICAL | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring prot… | › |
| CVE-2018-11420 | CRITICAL | There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 1… | › |
| CVE-2018-11426 | CRITICAL | A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 … | › |
| CVE-2019-12899 | CRITICAL | Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem… | › |
| CVE-2019-12898 | CRITICAL | Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000… | › |
| CVE-2019-3954 | CRITICAL | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated atta… | › |
| CVE-2019-3953 | CRITICAL | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated atta… | › |
| CVE-2019-12550 | CRITICAL | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded u… | › |
| CVE-2019-12549 | CRITICAL | WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded p… | › |
| CVE-2018-10698 | CRITICAL | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET serv… | › |
| CVE-2019-10712 | CRITICAL | The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 7… | › |
| CVE-2019-6526 | CRITICAL | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A serie… | › |
| CVE-2019-3940 | CRITICAL | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unau… | › |
| CVE-2014-9186 | CRITICAL | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before … | › |
| CVE-2014-5435 | CRITICAL | An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PK… | › |
| CVE-2019-6552 | CRITICAL | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, cau… | › |
| CVE-2019-6550 | CRITICAL | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabil… | › |
| CVE-2018-19282 | CRITICAL | Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a deni… | › |
| CVE-2019-6553 | CRITICAL | A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input… | › |
| CVE-2010-5305 | CRITICAL | The potential exists for exposure of the product's password used to restrict unauthorized access to … | › |
| CVE-2014-9189 | CRITICAL | Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versio… | › |
| CVE-2014-9187 | CRITICAL | Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions pri… | › |
| CVE-2019-6563 | CRITICAL | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to … | › |
| CVE-2019-6557 | CRITICAL | Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow re… | › |
| CVE-2019-6524 | CRITICAL | Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication atte… | › |
| CVE-2019-9201 | CRITICAL | Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and o… | › |
| CVE-2019-5909 | CRITICAL | License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class… | › |
| CVE-2018-13792 | CRITICAL | Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCaptu… | › |
| CVE-2018-10612 | CRITICAL | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user acce… | › |
| CVE-2018-0651 | CRITICAL | Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.1… | › |
| CVE-2018-18995 | CRITICAL | Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authenti… | › |
| CVE-2018-14816 | CRITICAL | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that h… | › |
| CVE-2018-14806 | CRITICAL | Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker… | › |
| CVE-2018-18396 | CRITICAL | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions versio… | › |
| CVE-2018-18395 | CRITICAL | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version … | › |
| CVE-2018-18394 | CRITICAL | Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Soft… | › |
| CVE-2018-18393 | CRITICAL | Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions ve… | › |
| CVE-2018-17900 | CRITICAL | Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web a… | › |
| CVE-2018-14829 | CRITICAL | Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote… | › |
| CVE-2018-7791 | CRITICAL | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M… | › |
| CVE-2018-7790 | CRITICAL | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (a… | › |
| CVE-2018-14805 | CRITICAL | ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonym… | › |
| CVE-2018-10592 | CRITICAL | Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU contr… | › |
| CVE-2018-13791 | CRITICAL | The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access… | › |
| CVE-2018-7785 | CRITICAL | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection… | › |
| CVE-2018-7784 | CRITICAL | In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when t… | › |
| CVE-2018-7780 | CRITICAL | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior t… | › |
| CVE-2018-7778 | CRITICAL | In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has … | › |
| CVE-2018-10594 | CRITICAL | Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying … | › |
| CVE-2018-4846 | CRITICAL | A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 5… | › |
| CVE-2018-10623 | CRITICAL | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operat… | › |
| CVE-2018-10621 | CRITICAL | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-len… | › |
| CVE-2018-10617 | CRITICAL | Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-len… | › |
| CVE-2017-7933 | CRITICAL | In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, w… | › |
| CVE-2017-7931 | CRITICAL | In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web … | › |
| CVE-2018-8871 | CRITICAL | In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may… | › |
| CVE-2017-9664 | CRITICAL | In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: applica… | › |
| CVE-2018-8845 | CRITICAL | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc… | › |
| CVE-2018-7505 | CRITICAL | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc… | › |
| CVE-2018-7499 | CRITICAL | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc… | › |
| CVE-2018-7497 | CRITICAL | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc… | › |
| CVE-2018-10589 | CRITICAL | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc… | › |
| CVE-2018-7761 | CRITICAL | A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Prem… | › |
| CVE-2018-7760 | CRITICAL | An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, … | › |
| CVE-2018-7246 | CRITICAL | A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074… | › |
| CVE-2018-7243 | CRITICAL | An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Ca… | › |
| CVE-2018-7242 | CRITICAL | Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon … | › |
| CVE-2018-7241 | CRITICAL | Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, an… | › |
| CVE-2016-8717 | CRITICAL | An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Acc… | › |
| CVE-2018-4841 | CRITICAL | A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with ne… | › |
| CVE-2018-7238 | CRITICAL | A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Profe… | › |
| CVE-2018-7233 | CRITICAL | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri… | › |
| CVE-2018-7232 | CRITICAL | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri… | › |
| CVE-2018-7231 | CRITICAL | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri… | › |
| CVE-2018-7229 | CRITICAL | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri… | › |
| CVE-2018-7228 | CRITICAL | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri… | › |
| CVE-2018-5455 | CRITICAL | A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell … | › |
| CVE-2018-5440 | CRITICAL | A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all… | › |
| CVE-2018-5459 | CRITICAL | An Improper Authentication issue was discovered in WAGO PFC200 Series 3S CoDeSys Runtime versions 2.… | › |
| CVE-2018-6911 | CRITICAL | The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to … | › |
| CVE-2018-6624 | CRITICAL | OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct reques… | › |
| CVE-2017-12729 | CRITICAL | A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutraliza… | › |
| CVE-2017-16743 | CRITICAL | An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Se… | › |
| CVE-2017-16724 | CRITICAL | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. The… | › |
| CVE-2017-9944 | CRITICAL | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < … | › |
| CVE-2017-13701 | CRITICAL | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensi… | › |
| CVE-2017-12739 | CRITICAL | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00,… | › |
| CVE-2017-14024 | CRITICAL | A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP… | › |
| CVE-2017-13997 | CRITICAL | A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft W… | › |
| CVE-2017-9957 | CRITICAL | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in… | › |
| CVE-2017-7974 | CRITICAL | A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builde… | › |
| CVE-2017-7973 | CRITICAL | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.… | › |
| CVE-2017-12708 | CRITICAL | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in A… | › |
| CVE-2017-12706 | CRITICAL | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_201… | › |
| CVE-2017-12698 | CRITICAL | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_201708… | › |
| CVE-2015-6473 | CRITICAL | WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | › |
| CVE-2015-6472 | CRITICAL | WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential man… | › |
| CVE-2017-9939 | CRITICAL | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could a… | › |
| CVE-2017-6869 | CRITICAL | A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453… | › |
| CVE-2017-9629 | CRITICAL | A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger… | › |
| CVE-2017-7903 | CRITICAL | A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 11… | › |
| CVE-2017-7902 | CRITICAL | A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradle… | › |
| CVE-2017-7899 | CRITICAL | An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 pr… | › |
| CVE-2017-7898 | CRITICAL | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automa… | › |
| CVE-2017-6034 | CRITICAL | An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus… | › |
| CVE-2017-6028 | CRITICAL | An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modi… | › |
| CVE-2017-7915 | CRITICAL | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G31… | › |
| CVE-2017-7913 | CRITICAL | A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 1… | › |
| CVE-2017-6027 | CRITICAL | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server… | › |
| CVE-2017-6025 | CRITICAL | A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server.… | › |
| CVE-2017-7909 | CRITICAL | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware… | › |
| CVE-2017-5158 | CRITICAL | An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywher… | › |
| CVE-2017-7689 | CRITICAL | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions b… | › |
| CVE-2017-7575 | CRITICAL | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the applica… | › |
| CVE-2017-7574 | CRITICAL | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices… | › |
| CVE-2017-5178 | CRITICAL | An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonde… | › |
| CVE-2017-5159 | CRITICAL | An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. W… | › |
| CVE-2017-5154 | CRITICAL | An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection … | › |
| CVE-2017-5140 | CRITICAL | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and… | › |
| CVE-2017-5139 | CRITICAL | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and… | › |
| CVE-2016-9369 | CRITICAL | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions pr… | › |
| CVE-2016-9366 | CRITICAL | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions pr… | › |
| CVE-2016-9361 | CRITICAL | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions pr… | › |
| CVE-2016-9333 | CRITICAL | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does … | › |
| CVE-2016-8567 | CRITICAL | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded password… | › |
| CVE-2016-5818 | CRITICAL | An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented… | › |
| CVE-2016-5815 | CRITICAL | An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX se… | › |
| CVE-2016-9157 | CRITICAL | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to ca… | › |
| CVE-2016-9155 | CRITICAL | The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41… | › |
| CVE-2016-5799 | CRITICAL | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not … | › |
| CVE-2016-5792 | CRITICAL | SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary … | › |
| CVE-2016-4522 | CRITICAL | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows re… | › |
| CVE-2016-5743 | CRITICAL | Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Upd… | › |
| CVE-2016-5804 | CRITICAL | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before … | › |
| CVE-2016-4520 | CRITICAL | Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardco… | › |
| CVE-2016-4503 | CRITICAL | Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and conseque… | › |
| CVE-2016-2275 | CRITICAL | The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 … | › |
| CVE-2016-0868 | CRITICAL | Stack-based buffer overflow on Rockwell Automation Allen-Bradley MicroLogix 1100 devices A through 1… | › |
| CVE-2016-0859 | CRITICAL | Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to … | › |
| CVE-2016-0857 | CRITICAL | Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to exe… | › |
| CVE-2016-0856 | CRITICAL | Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to ex… | › |
| CVE-2016-0854 | CRITICAL | Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction scr… | › |
| CVE-2015-7938 | CRITICAL | Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authenti… | › |
| CVE-2012-6068 | CRITICAL | The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which… | › |
| CVE-2012-0931 | CRITICAL | Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software an… | › |
| CVE-2025-66606 | CRITICAL | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This prod… | › |
| CVE-2025-10571 | CRITICAL | Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.T… | › |
| CVE-2024-6515 | CRITICAL | Web browser interface may manipulate application username/password in clear text or Base64 encoding … | › |
| CVE-2024-4008 | CRITICAL | FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacke… | › |
| CVE-2023-3526 | CRITICAL | In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIEN… | › |
| CVE-2023-2746 | CRITICAL | The Rockwell Automation Enhanced HIM software contains an API that the application uses that is no… | › |
| CVE-2022-4126 | CRITICAL | Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Def… | › |
| CVE-2025-2523 | CRITICAL | The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability … | › |
| CVE-2024-48845 | CRITICAL | Weak Password Reset Rules vulnerabilities were found providing a potential for the storage of wea… | › |
| CVE-2024-9137 | CRITICAL | The affected product lacks an authentication check when sending commands to the server via the Moxa … | › |
| CVE-2023-1834 | CRITICAL | Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and Janu… | › |
| CVE-2021-27442 | CRITICAL | The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allo… | › |
| CVE-2020-8479 | CRITICAL | For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and relate… | › |
| CVE-2019-19108 | CRITICAL | An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, … | › |
| CVE-2020-8768 | CRITICAL | An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L be… | › |
| CVE-2023-4088 | CRITICAL | Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineeri… | › |
| CVE-2023-0104 | CRITICAL | The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decomp… | › |
| CVE-2024-4009 | CRITICAL | Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows at… | › |
| CVE-2025-3755 | CRITICAL | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Ele… | › |
| CVE-2024-51554 | CRITICAL | Default Credential vulnerabilities in ASPECT on Linux allows access to the product using publicly av… | › |
| CVE-2024-7960 | CRITICAL | The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view… | › |
| CVE-2023-5389 | CRITICAL | An attacker could potentially exploit this vulnerability, leading to the ability to modify files on… | › |
| CVE-2023-4562 | CRITICAL | Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main module… | › |
| CVE-2023-0811 | CRITICAL | Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM passw… | › |
| CVE-2022-3843 | CRITICAL | In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration inte… | › |
| CVE-2022-29830 | CRITICAL | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.0… | › |
| CVE-2021-34566 | CRITICAL | In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a special… | › |
| CVE-2021-38395 | CRITICAL | Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralizat… | › |
| CVE-2022-30317 | CRITICAL | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. Accordi… | › |
| CVE-2022-29898 | CRITICAL | On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration fil… | › |
| CVE-2022-29897 | CRITICAL | On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utilit… | › |
| CVE-2022-25158 | CRITICAL | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series F… | › |
| CVE-2022-25157 | CRITICAL | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MEL… | › |
| CVE-2020-25176 | CRITICAL | Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (I… | › |
| CVE-2021-34584 | CRITICAL | Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a de… | › |
| CVE-2021-20597 | CRITICAL | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety … | › |
| CVE-2021-30194 | CRITICAL | CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | › |
| CVE-2021-21001 | CRITICAL | On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised att… | › |
| CVE-2021-25848 | CRITICAL | Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort… | › |
| CVE-2021-25847 | CRITICAL | Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort… | › |
| CVE-2020-27267 | CRITICAL | KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity … | › |
| CVE-2020-27263 | CRITICAL | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivit… | › |
| CVE-2020-12506 | CRITICAL | Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attac… | › |
| CVE-2020-12013 | CRITICAL | A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary S… | › |
| CVE-2019-19106 | CRITICAL | Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11… | › |
| CVE-2019-19104 | CRITICAL | The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows acc… | › |
| CVE-2020-6972 | CRITICAL | In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authenticatio… | › |
| CVE-2019-5161 | CRITICAL | An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of… | › |
| CVE-2019-5160 | CRITICAL | An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality… | › |
| CVE-2019-5080 | CRITICAL | An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functional… | › |
| CVE-2019-5078 | CRITICAL | An exploitable denial of service vulnerability exists in the iocheckd service "I/O-Check" functional… | › |
| CVE-2019-5077 | CRITICAL | An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functiona… | › |
| CVE-2019-6522 | CRITICAL | Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device mem… | › |
| CVE-2017-16726 | CRITICAL | Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in pro… | › |
| CVE-2018-10730 | CRITICAL | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33… | › |
| CVE-2018-7245 | CRITICAL | An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network Management … | › |
| CVE-2018-7237 | CRITICAL | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions pri… | › |
| CVE-2017-16727 | CRITICAL | A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort… | › |
| CVE-2017-6026 | CRITICAL | A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modico… | › |
| CVE-2016-8721 | CRITICAL | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality… | › |
| CVE-2017-5152 | CRITICAL | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource… | › |
| CVE-2017-5142 | CRITICAL | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and… | › |
| CVE-2016-9362 | CRITICAL | An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 p… | › |
| CVE-2016-8565 | CRITICAL | Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, r… | › |
| CVE-2014-5415 | CRITICAL | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp… | › |
| CVE-2014-5414 | CRITICAL | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp… | › |
| CVE-2024-6516 | CRITICAL | Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be i… | › |
| CVE-2024-21915 | CRITICAL | A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (F… | › |
| CVE-2023-4203 | CRITICAL | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scri… | › |
| CVE-2023-4202 | CRITICAL | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scri… | › |
| CVE-2022-0947 | CRITICAL | A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vu… | › |
| CVE-2020-12029 | CRITICAL | All versions of FactoryTalk View SE do not properly validate input of filenames within a project dir… | › |
| CVE-2018-10731 | CRITICAL | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33… | › |
| CVE-2017-2684 | CRITICAL | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid u… | › |