Vulnerabilities in ICS-CERT
93 resultsCVE-2018-10594—Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, EEPSS 69.0%CVE-2018-18990—LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can levEPSS 39.5%CVE-2019-6543—AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 20EPSS 17.3%CVE-2019-6545—AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 20EPSS 13.9%CVE-2018-10630—For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication diEPSS 10.9%CVE-2018-10636—CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could causEPSS 9.5%CVE-2018-19000—LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data.EPSS 8.8%CVE-2018-8840—A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 EPSS 8.4%CVE-2018-17930—A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remoteEPSS 7.3%CVE-2018-8847—Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.EPSS 6.8%CVE-2017-16744—A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on MicrosEPSS 6.2%CVE-2017-16748—An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and priEPSS 5.1%CVE-2019-6557—Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.EPSS 5.0%CVE-2018-14805—ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key valEPSS 4.8%CVE-2018-19004—LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data EPSS 3.7%CVE-2018-10598—CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to cEPSS 3.5%CVE-2018-8867—In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystemsEPSS 3.5%CVE-2019-6551—Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafteEPSS 3.3%CVE-2018-7507—WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read EPSS 2.9%CVE-2018-7494—WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be readEPSS 2.9%