Bulletins

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Festo Equipment : Controller CECC-S,-LK,-D Family Firmware Vulnerabilities : Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment …

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Festo Equipment : SBRD-Q/SBOC-Q/SBOI-Q Vulnerabilities : Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition. …

1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION : Low attack complexity Vendor : OpenPLC_V3 Equipment : OpenPLC_V3 Vulnerability : Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 3. TECHNICAL DETAILS 3.1 …

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Dingtian Equipment : DT-R002 Vulnerabilities : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of …

1. EXECUTIVE SUMMARY CVSS v3.1 6.8 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Equipment : MELSEC-Q Series CPU module Vulnerability : Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS). 3. TECHNICAL DETAILS …

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : Viessmann Equipment : Vitogate 300 Vulnerabilities : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Client-Side Enforcement of Server-Side Security 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker …

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : SESU Vulnerability : Improper Link Resolution Before File Access ('Link Following') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary data to protected locations, potentially leading …