Research Advisory - Vulnerable Disclosure 16 |
CVE-2020-7536 |
|
Schneider Electric |
Modicon M340 CPUs |
BMXP34* versions prior to V3.30 |
SNMP Service on Modicon M340 and associated Communication Modules |
Confirmed |
Research Advisory - Vulnerable Disclosure 15 |
15.1 - 000160 - CVE-2020-7802 , 15.2 - 000161 - CVE-2020-7801 |
|
SSS(Synergy Systems & Solutions) |
15.1 - RTU 15.2 - RTU |
Version - RTU 6049-E70 |
15.2 Default Permission, 15.2 Unauthorized Actor |
Confirmed |
Research Advisory - Vulnerable Disclosure 14 |
14.1 - 000150 - CVE-2020-7800 , 14.2 - 000151 - CVE-2019-16879 |
|
SSS(Synergy Systems & Solutions) |
14.1- RTU 14.2 - RTU |
Version - RTU 6049-E70 |
14.1 Improper check for unusual, 14.2 No authentication of function |
Confirmed |
Research Advisory - Vulnerable Disclosure 13 |
13.1 - 000140 - CVE-2019-20046 , 13.2 - 000141 - CVE-2019-20045 |
|
SSS(Synergy Systems & Solutions) |
13.1- RTU 13.2 - RTU |
Version - RTU 6049-E70 |
13.1 - Improper authentication, 13.2 - Improper input validation |
Confirmed |
Research Advisory - Vulnerable Disclosure 12 |
0001655 |
|
Schneider Electric |
PLC |
Undisclosed |
Undisclosed |
Confirmed |
Research Advisory - Vulnerable Disclosure 11 |
|
|
Rockwell Automation |
PLC |
Micrologix 1100 |
1. XSS 2. RFI |
Under Investigation |
Research Advisory - Vulnerable Disclosure 10 |
ICSA-19-290-01 |
|
Aveva |
Aveva Vijeo Citect & Schneider Citect |
Version-7.50 |
Server Crash |
Confirmed |
Research Advisory - Vulnerable Disclosure 9 |
|
|
Rockwell Automation |
PLC |
Undisclosed |
Undisclosed |
Under Investigation |
Research Advisory - Vulnerable Disclosure 8 |
CVE-2019-10981 |
|
Aveva |
Aveva Vijeo Citect & Schneider Citect |
Version - 7.40 |
Credentials Leaking in Memory Dump. |
Confirmed |
Research Advisory - Responsible Disclosure 7 - Multiple devices |
CVE-2019-6812 |
|
Schneider Electric |
Multiple Devices |
BMXP342020 and BMXNOR0200H |
Hard-coded credentials in Firmware |
Confirmed |
Research Advisory - Responsible Disclosure 6 |
CVE-2019-6813 |
|
Schneider Electric |
RTU |
BMX-NOR-0200H |
Agitate RTU by SNMP Truncate packet |
Confirmed |
Research Advisory - Responsible Disclosure 5 - Multiple devices |
CVE-2019-6812 |
|
Schneider Electric |
Multiple Devices |
BMXNOR0200H |
Hard-coded credentials in Firmware |
Confirmed |
Research Advisory - Responsible Disclosure 4 |
4.1 - CVE-2019-6833 |
|
Schneider Electric |
HMI |
4.1 - HMIGTO3510 |
4.1- Command stored in buffer |
4.1 - Confirmed 4.2 - Pending |
Research Advisory - Vulnerable Disclosure 3 - Multiple Vulnerabilities |
CVE-2019-6812 |
|
Schneider Electric |
RTU |
BMXP342020 |
Hard-coded credentials in Firmware |
Confirmed |
Research Advisory - Vulnerable Disclosure 2 - Multiple Vulnerabilities |
2.1 - CVE-2019-6831 2.2 - CVE-2019-6810 |
|
Schneider Electric |
2.1 - RTU 2.2 - RTU |
2.1 - BMX-NOR-0200H 2.2 - BMX-NOR-0200H |
2.1 - DOS 2.2 - Unauthentic Command Execution |
2.1 - Confirmed 2.2 - Confirmed 2.3 - Confirmed |
Research Advisory - Responsible Disclosure 1 |
CVE-2018-7811 |
|
Schneider Electric |
PLC |
BMXP342020 |
CSRF |
Confirmed |