Alerts and Advisories






  • Vulnerability in AVEVA's Equipment (30 May 2019)

    Insufficiently Protected Credentials vulnerability has been discovered in AVEVA's Equipment- Vijeo Citect and CitectSCADA. Successful exploitation of this vulnerability could allow a locally authenticated user to obtain Citect user credentials.

  • Multiple vulnerabilities in Emerson's Equipment (28 May 2019)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow have been discovered in Emerson's Equipment- Ovation OCR400 Controller. Successful exploitation of these vulnerabilities may allow privilege escalation or remote code execution, or it may halt the controller.

  • Vulnerability Summary (27 May 2019)

    Summary of vulnerabilities for the Week of May 20, 2019.

  • Multiple vulnerabilities in Computrols' Equipment (21 May 2019)

    Multiple vulnerabilities such as Cross-site Request Forgery, Information Exposure Through Discrepancy, Cross-site Scripting, Command Injection, Information Exposure Through Source Code, Use of Hard-coded Cryptographic Key, SQL Injection, Authentication Bypass Using an Alternate Path or Channel, Inadequate Encryption Strength have been discovered in Computrols' Equipment- CBAS Web. Successful exploitation of these vulnerabilities could allow unauthorized actions with administrative privileges, disclosure of sensitive information, execution of code within a user’s browser, execution of unauthorized OS commands, unauthorized access to the database, execution of unauthorized SQL commands, authentication bypass, or decryption of passwords.

  • Vulnerability in Mitsubishi Electric's Equipment (21 May 2019)

    Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC-Q series Ethernet module. Successful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC (Programmable Logic Controller).

  • Vulnerability Summary (20 May 2019)

    Summary of vulnerabilities for the Week of May 13, 2019.

  • Vulnerability in Schneider Electric's Equipment (16 May 2019)

    Use of Insufficiently Random Values vulnerability has been discovered in Schneider Electric's Equipment- Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum. Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or cause information leakage.

  • Vulnerability in Fuji Electric's Equipment (16 May 2019)

    Out-of-bounds Read vulnerability has been discovered in Fuji Electric's Equipment- Alpha7 PC Loader. Successful exploitation of this vulnerability could crash the device.

  • Vulnerability in Omron's Equipment (14 May 2019)

    Untrusted Search Path vulnerability has been discovered in Omron's Equipment- Network Configurator for DeviceNet. Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution under the privileges of the application.

  • Vulnerability in Siemens' SIMATIC WinCC and SIMATIC PCS 7 Equipment (14 May 2019)

    Missing Authentication for Critical Function vulnerability has been discovered in Siemens' Equipment- SIMATIC WinCC and SIMATIC PCS 7. Successful exploitation of this vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code.

  • Vulnerability in Siemens' LOGO! Soft Comfort Equipment (14 May 2019)

    Deserialization of Untrusted Data vulnerability has been discovered in Siemens' Equipment- LOGO! Soft Comfort. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user into opening a manipulated project.

  • Multiple vulnerabilities in Siemens' LOGO!8 BM Equipment (14 May 2019)

    Multiple vulnerabilities such as Missing Authentication for Critical Function, Improper Handling of Extra Values, Plaintext Storage of a Password have been discovered in Siemens' Equipment- LOGO!8 BM. Successful exploitation of these vulnerabilities could allow device reconfiguration, access to project files, decryption of files, and access to passwords.

  • Uncontrolled Resource Consumption vulnerability in Siemens' Equipment (14 May 2019)

    Uncontrolled Resource Consumption vulnerability has been discovered in Siemens' Equipment- SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II. Successful exploitation of this vulnerability could allow an attacker with access to the Ethernet Modbus Interface to cause a denial-of-service condition by exceeding the number of available connections.

  • Improper Input Validation vulnerability in Siemens' Equipment (14 May 2019)

    Improper Input Validation vulnerability has been discovered in Siemens' Equipment- SINAMICS PERFECT HARMONY GH180 Fieldbus Network. Successful exploitation of this vulnerability could cause a denial-of-service condition.

  • Multiple vulnerabilities in Siemens' SCALANCE W1750D Equipment (14 May 2019)

    Multiple vulnerabilities such as Command Injection, Information Exposure, Cross-site Scripting have been discovered in Siemens' Equipment- SCALANCE W1750D. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands within the underlying operating system, discover sensitive information, take administrative actions on the device, or expose session cookies for an administrative session.

  • Multiple vulnerabilities in Siemens' Equipment- SIMATIC PCS 7, WinCC Runtime Professional, WinCC (TIA Portal) (14 May 2019)

    Multiple vulnerabilities such as SQL Injection, Uncaught Exception, Exposed Dangerous Method have been discovered in Siemens' Equipment- SIMATIC PCS 7, WinCC Runtime Professional, WinCC (TIA Portal). Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the affected system.

  • Multiple vulnerabilities in Siemens' Equipment (14 May 2019)

    Multiple vulnerabilities such as Use of Hard-coded Credentials, Insufficient Protection of Credentials, Cross-site Scripting have been discovered in Siemens' Equipment- SIMATIC WinCC Runtime Advanced, WinCC Runtime Professional, WinCC (TIA Portal); HMI Panels. Successful exploitation of these vulnerabilities could allow an attacker with network access to the device to read/write variables via SNMP.

  • Vulnerability Summary (13 May 2019)

    Summary of vulnerabilities for the Week of May 06, 2019.

  • Vulnerability Summary (06 May 2019)

    Summary of vulnerabilities for the Week of April 29, 2019.

  • Multiple vulnerabilities in Sierra Wireless' Equipment (02 May 2019)

    Multiple vulnerabilities such as OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data have been discovered in Sierra Wireless' Equipment- AirLink ALEOS. Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths.

  • Multiple vulnerabilities in General Electric's Equipment (02 May 2019)

    Multiple vulnerabilities such as Uncontrolled Search Path, Use of Hard-coded Credentials, Improper Access Controls have been discovered in General Electric's Equipment- Communicator. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges, manipulate widgets and UI elements, gain control over the database, or execute administrative commands.

  • Multiple vulnerabilities in Orpak's Equipment (02 May 2019)

    Multiple vulnerabilities such as Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of Sensitive Data, Code Injection, Stack-based Buffer Overflow have been discovered in Orpak's Equipment- SiteOmat. Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration, and payment information.

  • Vulnerability in Rockwell Automation's Equipment (28 Mar 2019)

    Resource Exhaustion vulnerability has been discovered in Rockwell Automation's Equipment- PowerFlex 525 AC Drives. Successful exploitation of this vulnerability could result in resource exhaustion, denial of service, and/or memory corruption.

  • Vulnerability in ENTTEC's Equipment (26 Mar 2019)

    Missing Authentication for Critical Function vulnerability has been discovered in ENTTEC's Equipment- Datagate MK2, Storm 24, Pixelator. Successful exploitation of this vulnerability could reboot this device, allowing a continual denial-of-service condition.

  • Vulnerability in Phoenix Contact's Equipment (26 Mar 2019)

    Command Injection vulnerability has been discovered in Phoenix Contact's Equipment- RAD-80211-XD. Successful exploitation of this vulnerability could allow an attacker to execute system level commands with administrative privileges.

  • Vulnerability in Siemens' Equipment (26 Mar 2019)

    Expected Behavior Violation vulnerability has been discovered in Siemens' Equipment- SCALANCE X. Successful exploitation of this vulnerability could allow an attacker to feed data over a mirror port and into the mirrored network.

  • Vulnerability Summary (25 Mar 2019)

    Summary of vulnerabilities for the Week of March 18, 2019.

  • Multiple vulnerabilities in Medtronic's Equipment (21 Mar 2019)

    Multiple vulnerabilities such as Improper Access Control, Cleartext Transmission of Sensitive Information have been discovered in Medtronic's Equipment- MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices. Successful exploitation of these vulnerabilities may allow an attacker with adjacent short-range access to one of the affected products to interfere with, generate, modify, or intercept the radio frequency (RF) communication of the Medtronic proprietary Conexus telemetry system, potentially impacting product functionality and/or allowing access to transmitted sensitive data.

  • Vulnerability in AVEVA's Equipment (19 Mar 2019)

    Uncontrolled Search Path Element vulnerability has been discovered in AVEVA's Equipment- InduSoft Web Studio, InTouch Edge HMI. Successful exploitation of this vulnerability could allow execution of unauthorized code or commands.

  • Multiple vulnerabilities in Columbia Weather Systems' Equipment (19 Mar 2019)

    Multiple vulnerabilities such as Cross-site Scripting, Path Traversal, Improper Authentication, Improper Input Validation, Code Injection have been discovered in Columbia Weather Systems' Equipment- Weather MicroServer. Successful exploitation of these vulnerabilities may allow disclosure of data, cause a denial-of-service condition, and allow remote code execution.

  • Vulnerability Summary (18 Mar 2019)

    Summary of vulnerabilities for the Week of March 11, 2019.

  • Vulnerability in PEPPERL+FUCHS's Equipment (14 Mar 2019)

    Path Traversal vulnerability has been discovered in PEPPERL+FUCHS's Equipment- WirelessHART-Gateways. Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters.

  • Vulnerability in Gemalto's Equipment (14 Mar 2019)

    Uncontrolled Search Path Element vulnerability has been discovered in Gemalto's Equipment- Sentinel UltraPro. Successful exploitation of this vulnerability could allow execution of unauthorized code or commands.

  • Vulnerability in LCDS' Equipment (14 Mar 2019)

    Out-of-Bounds Write vulnerability has been discovered in LCDS' Equipment- LAquis SCADA. Successful exploitation of this vulnerability could allow remote code execution.

  • Multiple vulnerabilities in WIBU-SYSTEMS AG's Equipment (12 Mar 2019)

    Multiple vulnerabilities such as Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow have been discovered in WIBU-SYSTEMS AG's Equipment- WibuKey Digital Rights Management (DRM). Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.

  • Vulnerability Summary (11 Mar 2019)

    Summary of vulnerabilities for the Week of March 4, 2019.

  • Vulnerability in Rockwell Automation's Equipment (05 Mar 2019)

    Stack-based Buffer Overflow vulnerability has been discovered in Rockwell Automation's Equipment- RSLinx Classic. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target device.

  • Vulnerability Summary (04 Mar 2019)

    Summary of vulnerabilities for the Week of February 25, 2019.

  • Vulnerability in PSI GridConnect GmbH's Equipment (28 Feb 2019)

    Cross-site Scripting vulnerability has been discovered in PSI GridConnect GmbH's Equipment- Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy. Successful exploitation of this vulnerability could allow an attacker to execute dynamic scripts in the context of the application, which could allow cross-site scripting attacks.

  • Multiple vulnerabilities in Moxa's Equipment (26 Feb 2019)

    Multiple vulnerabilities such as Classic Buffer Overflow, Cross-site Request Forgery, Cross-site Scripting, Improper Access Controls, Improper Restriction of Excessive Authentication Attempts, Missing Encryption of Sensitive Data, Out-of-bounds Read, Unprotected Storage of Credentials, Predictable from Observable State, Uncontrolled Resource Consumption have been discovered in Moxa's Equipment- IKS, EDS. Successful exploitation of these vulnerabilities could allow the reading of sensitive information, remote code execution, arbitrary configuration changes, authentication bypass, sensitive data capture, reboot of the device, device crash, or full compromise of the device.

  • Vulnerability Summary (25 Feb 2019)

    Summary of vulnerabilities for the Week of February 18, 2019.

  • Vulnerability in Horner Automation's Equipment (19 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Horner Automation's Equipment- Cscape. Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read confidential information and remotely execute arbitrary code.

  • Vulnerability in Rockwell Automation's Equipment (19 Feb 2019)

    Cross-site Scripting and Authentication Bypass vulnerabilities have been discovered in Rockwell Automation's Equipment- Allen-Bradley PowerMonitor 1000. Successful exploitation of these vulnerabilities could allow a remote attacker to affect the confidentiality, integrity, and availability of the device.

  • Vulnerability in Delta Electronics' Equipment (19 Feb 2019)

    Out-of-bounds Read vulnerability has been discovered in Delta Electronics' Equipment- Delta Industrial Automation CNCSoft. Successful exploitation of this vulnerability could cause a buffer overflow condition that may allow information disclosure or crash the application.

  • Multiple vulnerabilities in Intel's Equipment (19 Feb 2019)

    Multiple vulnerabilities such as Improper Authentication, Protection Mechanism Failure, Permission Issues, Key Management Errors, Insufficient Control Flow Management have been discovered in Intel's Equipment- Data Center Manager SDK. Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure.

  • Vulnerability Summary (18 Feb 2019)

    Summary of vulnerabilities for the Week of February 11, 2019.

  • Vulnerability in Pangea Communications' Equipment (14 Feb 2019)

    Authentication Bypass Using an Alternate Path or Channel vulnerability has been discovered in Pangea Communications' Equipment- Internet FAX Analog Telephone Adapter (ATA). Successful exploitation of this vulnerability could cause the device to reboot and create a continual denial-of-service condition.

  • Vulnerability in gpsd Open Source Project's Equipment (14 Feb 2019)

    Stack-based Buffer Overflow vulnerability has been discovered in Open Source Project's Equipment- gpsd, microjson. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of-service via device crash.

  • Vulnerability in OSIsoft's Equipment (12 Feb 2019)

    Cross-site Scripting vulnerability has been discovered in OSIsoft's Equipment- PI Vision. Successful exploitation of this vulnerability could allow an attacker to read and modify the contents of the PI Vision web page and data related to the PI Vision application in the victim’s browser.

  • Vulnerability in Siemens' EN100 Ethernet Communication Module and SIPROTEC 5 Relays Equipment (12 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Siemens' Equipment- EN100 Ethernet Communication Module and SIPROTEC 5 Relays. The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by a security vulnerability that could allow an attacker to conduct a denial-of-service attack over the network.

  • Improper Input Validation vulnerability in Siemens' Equipment (12 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Siemens' Equipment- WibuKey Digital Rights Management (DRM) used with SICAM 230. Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.

  • Vulnerability in Siemens' SIMATIC S7-300 CPU Equipment (12 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Siemens' Equipment- SIMATIC S7-300 CPU. Successful exploitation of this vulnerability could crash the device being accessed, resulting in a denial-of-service condition.

  • Multiple vulnerabilities in Siemens' Intel AMT of SIMATIC IPCs Equipment (12 Feb 2019)

    Multiple vulnerabilities such as Cryptographic Issues, Improper Restriction of Operations within the Bounds of a Memory Buffer, Resource Management Errors have been discovered in Siemens' Equipment- Intel Active Management Technology (AMT) of SIMATIC IPCs. Successful exploitation of these vulnerabilities may allow arbitrary code execution, a partial denial-of-service condition, or information disclosure.

  • Multiple vulnerabilities in Siemens' CP1604 and CP1616 Equipment (12 Feb 2019)

    Multiple vulnerabilities such as Cleartext Transmission of Sensitive Information, Cross-site Scripting, Cross-site Request Forgery have been discovered in Siemens' Equipment- CP1604 and CP1616. Successful exploitation of these vulnerabilities could result in a denial-of-service condition and information exposure. An attacker could inject arbitrary JavaScript in a specially crafted URL request to execute on unsuspecting user’s systems, allowing an attacker to trigger actions via the web interface that a legitimate user is allowed to perform.

  • Vulnerability Summary (11 Feb 2019)

    Summary of vulnerabilities for the Week of February 4, 2019.

  • Vulnerability in Siemens' Equipment (07 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Siemens' Equipment- EN100 Ethernet module. The EN100 Ethernet module for the SWT 3000 management platform is affected by security vulnerabilities that could allow an attacker to conduct a denial-of-service attack over the network.

  • Vulnerability in Siemens' Equipment (07 Feb 2019)

    Uncaught Exception vulnerability has been discovered in Siemens' Equipment- SICAM A8000 RTU. The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote users to cause a denial-of-service condition on the web server of affected products.

  • Vulnerability in Kunbus' Equipment (05 Feb 2019)

    Multiple vulnerabilities such as Improper Authentication, Missing Authentication for Critical Function, Improper Input Validation have been discovered in Kunbus' Equipment- PR100088 Modbus gateway. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and/or cause a denial-of-service condition.

  • Vulnerability in Siemens' Equipment (05 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Siemens' Equipment- SIMATIC S7-1500 CPU. Successful exploitation of these vulnerabilities could allow a denial of service condition of the device.

  • Vulnerability in WECON's Equipment (05 Feb 2019)

    Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow, Memory Corruption have been discovered in WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code.

  • Vulnerability in Rockwell Automation's Equipment (05 Feb 2019)

    Improper Input Validation vulnerability has been discovered in Rockwell Automation's Equipment- EtherNet/IP Web Server Modules. Successful exploitation of this vulnerability could allow a remote attacker to deny communication with Simple Network Management Protocol (SNMP) service.

  • Multiple vulnerabilities in AVEVA's Equipment (05 Feb 2019)

    Multiple vulnerabilities such as Missing Authentication for Critical Function, Resource Injection have been discovered in AVEVA's Equipment- InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition). Successful exploitation of these vulnerabilities could allow a remote attacker to execute an arbitrary process using a specially crafted database connection configuration file.

  • Vulnerability Summary (04 Feb 2019)

    Summary of vulnerabilities for the Week of January 28, 2019.

  • Multiple vulnerabilities in Schneider Electric's Equipment (31 Jan 2019)

    Multiple vulnerabilities such as Use of Hard-coded Credentials, Code Injection, SQL Injection have been discovered in Schneider Electric's Equipment- EVLink Parking. Successful exploitation of these vulnerabilities could allow an attacker to stop the device and prevent charging, execute arbitrary commands, and access the web interface with full privileges.

  • Multiple vulnerabilities in IDenticard's Equipment (31 Jan 2019)

    Multiple vulnerabilities such as Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength have been discovered in IDenticard's Equipment- PremiSys. Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information via backups, obtain access to credentials, and/or obtain full access to the system with admin privileges.

  • Global Positioning System Week Number Rollover Event (30 Jan 2019)

    Advisory on possible effects of the April 6, 2019 GPS Week Number Rollover on Coordinated Universal Time.

  • Vulnerability in AVEVA's Equipment (29 Jan 2019)

    Insufficiently Protected Credentials vulnerability has been discovered in AVEVA's Equipment- Wonderware System Platform. This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User Account.

  • Vulnerability in Mitsubishi Electric's Equipment (29 Jan 2019)

    Resource Exhaustion vulnerability has been discovered in Mitsubishi Electric's Equipment- MELSEC-Q series PLCs. Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to the device, causing Ethernet communication to stop.

  • Vulnerability in Yokogawa's Equipment (29 Jan 2019)

    Unrestricted Upload of Files with Dangerous Type vulnerability has been discovered in Yokogawa's Equipment- License Manager Service. Successful exploitation of this vulnerability could allow an attacker to remotely upload files, allowing execution of arbitrary code.

  • Vulnerability in BD's Equipment (29 Jan 2019)

    Improper Access Control vulnerability has been discovered in BD's Equipment- FACSLyric. Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to administrative level privileges on a workstation, which could allow arbitrary execution of commands.

  • Vulnerability in Stryker's Equipment (29 Jan 2019)

    Reusing a Nonce vulnerability has been discovered in Stryker's Equipment- Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed. Successful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.

  • Vulnerability Summary (28 Jan 2019)

    Summary of vulnerabilities for the Week of January 21, 2019.

  • Multiple vulnerabilities in PHOENIX CONTACT's Equipment (24 Jan 2019)

    Multiple vulnerabilities such as Cross-site Request Forgery, Improper Restriction of Excessive Authentication Attempts, Cleartext Transmission of Sensitive Information, Resource Exhaustion, Incorrectly Specified Destination in a Communication Channel, Insecure Storage of Sensitive Information, and Memory Corruption have been discovered in PHOENIX CONTACT's Equipment- FL SWITCH. Successful exploitation of these vulnerabilities may allow attackers to have user privileges, gain access to the switch, read user credentials, deny access to the switch, or perform man-in-the-middle attacks.

  • Multiple vulnerabilities in Advantech's Equipment (24 Jan 2019)

    Multiple vulnerabilities such as Improper Authentication, Authentication Bypass, SQL Injection have been discovered in Advantech's Equipment- WebAccess/SCADA. Successful exploitation of these vulnerabilities may allow an attacker to access and manipulate sensitive data.

  • Multiple vulnerabilities in Johnson Controls' Equipment (22 Jan 2019)

    Multiple vulnerabilities such as Path Traversal, Improper Authentication have been discovered in Johnson Controls' Equipment- Facility Explorer. Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete sensitive files to gain administrator privileges in the Facility Explorer system.

  • Multiple vulnerabilities in Dräger's Equipment (22 Jan 2019)

    Multiple vulnerabilities such as Improper Input Validation, Information Exposure Through Log Files, Improper Privilege Management have been discovered in Dräger's Equipment- Infinity Delta. Successful exploitation of these vulnerabilities could cause information disclosure of device logs, denial of service through device reboots of the patient monitors, and privilege escalation.

  • Vulnerability Summary (21 Jan 2019)

    Summary of vulnerabilities for the Week of January 14, 2019.

  • Multiple vulnerabilities in ControlByWeb's Equipment (17 Jan 2019)

    Multiple vulnerabilities such as Improper Authentication, Cross-site Scripting have been discovered in ControlByWeb's Equipment- X-320M. Successful exploitation of these vulnerabilities may allow arbitrary code execution and could cause the device being accessed to require a physical factory reset to restore the device to an operational state.

  • Vulnerability in ABB's Equipment (17 Jan 2019)

    Improper Input Validation vulnerability has been discovered in ABB's Equipment- CP400 Panel Builder TextEditor 2.0. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, and cause a denial-of-service condition within the Text Editor application.

  • Multiple vulnerabilities in Omron's Equipment (17 Jan 2019)

    Multiple vulnerabilities such as Code Injection, Command Injection, Use After Free, Type Confusion have been discovered in Omron's Equipment- CX-Supervisor. Successful exploitation of these vulnerabilities could result in a denial-of-service condition, and/or allow an attacker to achieve code execution with privileges within the context of the application.

  • Multiple vulnerabilities in LCDS' Equipment (15 Jan 2019)

    Multiple vulnerabilities such as Improper Input Validation, Out-of-Bounds Read, Code Injection, Untrusted Pointer Dereference, Out-of-Bounds Write, Relative Path Traversal, Injection, Use of Hard-Coded Credentials, Authentication Bypass Using an Alternate Path or Channel have been discovered in LCDS' Equipment- LAquis SCADA. Successful exploitation of these vulnerabilities could allow remote code execution, data exfiltration, or cause a system crash.

  • Vulnerability Summary (14 Jan 2019)

    Summary of vulnerabilities for the Week of January 07, 2019.

  • Vulnerability in Emerson's Equipment (10 Jan 2019)

    Authentication Bypass vulnerability has been discovered in Emerson's Equipment- DeltaV Distributed Control System Workstations. Successful exploitation of this vulnerability could allow an attacker to shut down a service, resulting in a denial of service.

  • Vulnerability in Omron's Equipment (10 Jan 2019)

    Type Confusion vulnerability has been discovered in Omron's Equipment- CX-Protocol within CX-One. Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application.

  • Vulnerability in Pilz's Equipment (10 Jan 2019)

    Clear-text Storage of Sensitive Information vulnerability has been discovered in Pilz's Equipment- PNOZmulti Configurator. Successful exploitation of this vulnerability could allow sensitive data to be read from the system.

  • Vulnerability in Tridium's Equipment (10 Jan 2019)

    Cross-site Scripting vulnerability has been discovered in Tridium's Equipment- Niagara Enterprise Security, Niagara AX, and Niagara 4. Successful exploitation of this vulnerability could allow an authenticated user to inject client-side scripts into some web pages that could then be viewed by other users.

  • Multiple vulnerabilities in Schneider Electric's Equipment (08 Jan 2019)

    Multiple vulnerabilities such as Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE have been discovered in Schneider Electric's Equipment- IIoT Monitor. Successful exploitation of these vulnerabilities could allow a remote attacker to access files available to system users, arbitrarily upload and execute malicious files, and embed incorrect documents into the system output to expose restricted information.

  • Vulnerability in Schneider Electric's Equipment (08 Jan 2019)

    Use After Free vulnerability has been discovered in Schneider Electric's Equipment- Zelio Soft 2. Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project file.

  • Vulnerability Summary (07 Jan 2019)

    Summary of vulnerabilities for the Week of December 31, 2018.

  • Vulnerability in Hetronic's Equipment (03 Jan 2019)

    Authentication Bypass by Capture-Replay vulnerability has been discovered in Hetronic's Equipment- Nova-M. Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running.

  • Vulnerability in Yokogawa's Equipment (03 Jan 2019)

    Resource Management Error vulnerability has been discovered in Yokogawa's Equipment- Vnet/IP Open Communication Driver. Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable.

  • Vulnerability in Schneider Electric's Equipment (03 Jan 2019)

    Improper Input Validation vulnerability has been discovered in Schneider Electric's Equipment- Pro-face GP-Pro EX. Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program.