Security Advisories
Software issues found by Dragos
Dragos Intel conducts hands-on research and testing for ICS/OT software, devices, and protocols to discover and address security vulnerabilities.
Limited Threat
Unitronics Vision Standard
CVE-2024-1480
Unauthenticated Password Retrieval
Vision 230, Vision 280, Vision 290, Vision 530, Vision 120: All versions
Limited Threat
Mitsubishi Electric’s MELSEC iQ-R Safety CPU and SIL2 Process CPU Module
CVE-2023-6815
Incorrect Privilege Assignment
MELSEC iQ-R Series Safety CPU (R08/16/32/120SFCPU): all versions, MELSEC iQ-R Series SIL2 Process CPU (R08/16/32/120PSFCPU): all versions.
Immediate Action
Phoenix Contact: Classic line industrial controllers
CVE-2023-46143
Integrity check fails to identify out-of-band logic changes
Automation Worx Software Suite: All versions, AXC 1050 (2700988): All versions, AXC 1050 XC (2701295): All versions, AXC 3050 (2700989): All versions, Config+: All versions, FC 350 PCI ETH (2730844): All versions, ILC1x0: All versions, ILC1x1: All versions, ILC 3xx: All versions, PC Worx: All versions, PC Worx Express: All versions, PC WORX RT BASIC (2700291): All versions, PC WORX SRT (2701680): All versions, RFC 430 ETH-IB (2730190): All versions, RFC 450 ETH-IB (2730200): All versions, RFC 460R PN 3TX (2700784): All versions, RFC 470S PN 3TX (2916794): All versions, RFC 480S PN 4TX (2404577): All versions
Limited Threat
Phoenix Contact: PLCnext
CVE-2023-46142
Incorrect Permission Assignment for Critical Resource
AXC F 1152 (1151412): v2024.0 and prior, AXC F 2152 (2404267): v2024.0 and prior, AXC F 3152 (1069208): v2024.0 and prior, BPC 9102S (1246285): v2024.0 and prior, EPC 1502 (1185416): v2024.0 and prior, EPC 1522 (1185423): v2024.0 and prior, PLCnext Engineer (1046008): v2024.0 and prior, RFC 4072R (1136419): v2024.0 and prior, RFC 4072S (1051328): v2024.0 and prior.
Limited Threat
Phoenix Contact: Automation Worx and classic line controllers
CVE-2023-46141
Incorrect Permission Assignment for Critical Resource
Automation Worx Software Suite: All versions, AXC 1050 (2700988): All versions, AXC 1050 XC (2701295): All versions, AXC 3050 (2700989): All versions, Config+: All versions, FC 350 PCI ETH (2730844): All versions, ILC1x0: All versions, ILC1x1: All versions, ILC 3xx: All versions, PC Worx: All versions, PC Worx Express: All versions, PC WORX RT BASIC (2700291): All versions, PC WORX SRT (2701680): All versions, RFC 430 ETH-IB (2730190): All versions, RFC 450 ETH-IB (2730200): All versions, RFC 460R PN 3TX (2700784): All versions, RFC 470S PN 3TX (2916794): All versions, RFC 480S PN 4TX (2404577): All versions
Limited Threat
Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK
CVE-2023-0757
CVE-2023-5592
Incorrect Permission Assignment for Critical Resource
Integrity check fails to identify out-of-band logic changes
MULTIPROG: All versions, ProConOS eCLR (SDK): All versions
Possible Threat
Siemens Spectrum Power 7 Local Privilege Escalation
CVE-2023-38557
Local Privilege Escalation
Spectrum Power 7 version V23Q3 and earlier.
Limited Threat
SEL acSELerator RTAC Software Vulnerabilities
CVE-2023-31167
CVE-2023-34391
Directory Traversal
Insecure Filesystem Permissions
SEL-5033 version 1.35.151.20000 and earlier, SEL-5036 version 1.0.49152.777 and earlier
Limited Threat
OPTO 22 SNAP PAC S1 Vulnerabilities
CVE-2023-40706
CVE-2023-40708
CVE-2023-40709
CVE-2023-40710
Improper Restriction of Excessive Authentication Attempts
Improper Authorization
Denial of Service (DoS)
Denial of Service (DoS)
OPTO 22 SNAP PAC S1: Firmware version R10.3b
Limited Threat
Siemens Software Center DLL Hijacking Issues
CVE-2021-41544
CVE-2022-25634
Uncontrolled Search Path Element
Uncontrolled Search Path Element
Siemens Software Center versions prior to v3.0.
Possible Threat
PTC’s KEPServerEX Vulnerabilities
CVE-2023-29444
CVE-2023-29445
CVE-2023-29446
CVE-2023-29447
DLL Hijacking
DLL Hijacking
UNC Path Injection
Insufficiently Protected Credentials
PTC’s KEPServerEX, v6.13.250.0 and prior
Limited Threat
Omron PLC and Engineering Software Network and File Format Access
CVE-2022-45790
CVE-2019-18269
CVE-2022-45792
CVE-2022-45793
CVE-2022-45794
CVE-2022-34151
CVE-2022-33971
CVE-2023-0811
Memory protection is vulnerable to brute force.
Memory protection may be set to non-ASCII characters
File formats vulnerable to Zip-Slip
Binaries are writable by low-privileged users
File transfer lacks authentication
Backdoor account with administrative privileges
Arbitrary code execution to an authenticated attacker
Unauthenticated user to set arbitrary passwords
Omron PLC CJ series, All versions, Omron PLC CS series, All versions, Omron PLC CP series, All versions, Omron PLC NX series, All versions, Omron Safety Controllers (SL3300): All versions
Limited Threat
Digi TransPort Gateway Vulnerability
CVE-2022-4046
CVE-2022-4224
CVE-2023-29446
Insufficient Read and Write Protection to Logic and Runtime Data
Access to Sensitive System Files
CODESYS Control for BeagleBone SL: All Versions, CODESYS Control for emPC-A/iMX6 SL: All Versions, CODESYS Control for IOT2000 SL: All Versions, CODESYS Control for Linux SL: All Versions, CODESYS Control for PFC100 SL: All Versions, CODESYS Control for PFC200 SL: All Versions, CODESYS Control for PLCnext SL: All Versions, CODESYS Control for Raspberry Pi SL: All Versions, CODESYS Control for WAGO Touch Panels 600 SL: All Versions, CODESYS Control RTE (for Beckhoff CX) SL: All Versions, CODESYS Control RTE (SL): All Versions, CODESYS Control Runtime System Toolkit: All Versions, CODESYS Control Win (SL): All Versions, CODESYS HMI (SL): All Versions, CODESYS Control RTE (SL): Prior to v3.5.19.0, CODESYS Control RTE (for Beckhoff CX) SL: Prior to v3.5.19.0, CODESYS Control Win (SL): Prior to v3.5.19.0, CODESYS Runtime Toolkit: Prior to v3.5.19.0, CODESYS Safety SIL2 Runtime Toolkit: Prior to v3.5.19.0, CODESYS Safety SIL2 PSP: Prior to v3.5.19.0, CODESYS HMI (SL): Prior to v3.5.19.0, CODESYS Development System V3: Prior to v3.5.19.0, CODESYS Control for BeagleBone SL: Prior to V4.8.0.0, CODESYS Control for emPC-A/iMX6 SL: Prior to V4.8.0.0, CODESYS Control for IOT2000 SL: Prior to V4.8.0.0, CODESYS Control for Linux SL: Prior to V4.8.0.0, CODESYS Control for PFC100 SL: Prior to V4.8.0.0, CODESYS Control for PFC200 SL: Prior to V4.8.0.0, CODESYS Control for PLCnext SL: Prior to V4.8.0.0, CODESYS Control for Raspberry Pi SL: Prior to V4.8.0.0, CODESYS Control for WAGO Touch Panels 600 SL: Prior to V4.8.0.0
Limited Threat
CODESYS V2 and V3 Logic Integrity and Permissions Issues
CVE-2023-28355
Integrity check fails to identify out-of-band logic changes
CODESYS Control V3 (All Versions)
Limited Threat
Moxa NPort 6000 and RealCOM Encryption Weakness and Missing Authentication
CVE-2022-43993
CVE-2022-43994
PITM and Traffic Intercept
No Client Authentication
NPort 6000 Series: v2.2 and prior, Windows Driver Manager Series (Windows 7 to 10 and Windows Server 2008 R2 to 2019, WHQL certified): v3.4 and prior, Windows Driver Manager Series (Windows 11 and Server 2022 and later, WHQL certified): v4.0 and prior
Limited Threat
Emerson AMS Device Manager Remote Access and Privilege Elevation
CVE-2022-31652
CVE-2022-31653
Network Share Exposure with Default Credentials
Local Credential Exposure
AMS Device Manager: v14.5 and prior
Possible Threat
Schneider Electric’s Easergy Builder Installer Code Execution
CVE-2022-34755
Uncontrolled Search Path Element
Easergy Builder: v1.6.7.0 and prior
Limited Threat
Automation Direct’s DirectLogic 06 PLC, C-More EA9 HMI, and ECOM Ethernet Module
CVE-2022-2006
CVE-2022-2005
CVE-2022-2004
CVE-2022-2003
Uncontrolled Resource Consumption
Cleartext Transmission of Sensitive Information
Uncontrolled Resource Consumption
Insufficiently Protected Credentials
DirectLogic 06 PLCs prior to v2.72, ECOM Ethernet module, C-More HMI
Limited Threat
PHOENIX CONTACT’s RAD-ISM-900-EN-BD Devices
CVE-2022-29898
CVE-2022-29897
RCE and Unrestricted File Upload via Configuration Uploader
RCE via Traceroute Utility
RAD-ISM-900-EN-BD: all versions, RAD-ISM-900-EN-BD/B: all versions, RAD-ISM-900-EN-BD-BUS: all versions
Limited Threat
GE MDS Radio Network and Serial Vulnerabilities
CVE-2017-17562
CVE-2022-24119
CVE-2022-24116
CVE-2022-24118
CVE-2022-24120
CVE-2022-24117
Unauthenticated Remote Code Execution
iNET and iNET-II Factory Backdoor Use
iNET and iNET-II Wi-Fi Security Weaknesses
Factory Reset Authentication System
iNET and iNET-II Plaintext storage of system credentials
Unprotected Firmware Update
iNET/iNET II series radio firmware versions prior to rev. 8.3.0, SD series radio firmware versions prior to rev. 6.4.7, TD220X series radio firmware versions prior to rev. 2.0.16, TD220MAX series radio firmware versions prior to rev. 1.2.6
Limited Threat
Emerson Secure Setup Utility Certificate Weaknesses
CVE-2021-37581
CVE-2021-37582
Man-in-the-middle
Weak File Permissions
Emerson Security Setup Utility: v1.6.8 and prior, PlantWeb Insight: v2.3.4 and prior, Emerson v4 WirelessHART Gateways, (1410, 1420, 1552, 1410D): v4.8.0 and prior, Emerson v6 WirelessHART Gateways (1410S): v6.6.0 and prior
Limited Threat
Lilee Systems/Alstom Rail CMU-2110
CVE-2022-23407
CVE-2022-23406
CVE-2022-23405
CVE-2022-23404
Unauthenticated firmware update
Backdoor accounts including remote ‘root’ access
Unprotected bootloader access via Diagnostic Port
PTC Message Access and Manipulation
v2.6_build38. Other versions may also be affected
Limited Threat
Moxa Multiple Vulnerabilities
CVE-2021-37752
CVE-2021-37753
CVE-2021-37755
CVE-2021-37757
CVE-2021-37751
CVE-2021-37754
CVE-2021-37758
CVE-2021-37756
Authenticated Command Injection via HTTP
Authentication Bypass via Moxa Service
Plaintext Credential Storage
Unauthenticated Buffer Overflow via Moxa Service
Missing Brute Force Protections for Moxa Service
Valid User Disclosure via Moxa Service
Cross-site Scripting
Unprotected Firmware Update
TAP-213 Series: v1.2 and prior, OnCell G3150A: v1.5 and prior, OnCell G3470A: v1.7 and prior, WDR-3124A: v1.3 and prior, AWK-3131A: v1.16 and prior, AWK-4131A: v1.16 and prior, AWK-1131A: v1.22 and prior, AWK-1137C: v1.6 and prior
Limited Threat
AVEVA Edge Vulnerabilities
CVE-2021-42796
CVE-2021-42794
CVE-2021-42797
CVE-2021-42795
Improper Access Control
Exposure of Sensitive Information to an Unauthorized Actor
Path Traversal
Uncontrolled Resource Consumption
AVEVA Edge and InduSoft Web Studio R2020 and prior.
Possible Threat
mySCADA myDESIGNER Zip Slip
CVE-2021-41578
Path Traversal
mySCADA myDESIGNER 8.20.0 and below
Possible Threat
LCDS LAquis SCADA
CVE-2021-41579
Path Traversal
LAquis SCADA 4.3.1.1085 and below
Possible Threat
Schneider Electric’s GP Pro Ex
CVE-2021-22775
Uncontrolled Search Path Element
GP-Pro EX: v4.09.250 and prior.
Limited Threat
Emerson WirelessHART Gateways
CVE-2021-31528
CVE-2021-31527
CVE-2021-31526
CVE-2021-28490
CVE-2006-3082
CVE-2006-6235
CVE-2007-1263
CVE-2021-31529
Code execution via Undocumented Hardware Interfaces
Web application user permissions enforced in client browser
Web application directory traversal allows overwriting firmware
Web application cross-site request forgery
Upgrade and licensing features may allow arbitrary code execution and signature bypass
Upgrade and licensing features may allow arbitrary code execution and signature bypass
Upgrade and licensing features may allow arbitrary code execution and signature bypass
Unauthenticated user may retrieve WirelessHART Network ID and Join Key
1420 gateway: firmware v4.6.59, 1410 gateway: firmware v4.5.27, Likely other 1410, 1420, and 1552WU firmware versions are also affected
Possible Threat
RemotePC Vulnerabilities
CVE-2021-34687
CVE-2021-34688
CVE-2021-34689
CVE-2021-34690
CVE-2021-34691
CVE-2021-34692
Personal Key sent over the network in a recoverable form
Personal Key stored encrypted with static key
Plaintext Personal Key in log files
Cloud authentication bypass
Remote denial of service
Privilege escalation to SYSTEM
RemotePC for Windows before 7.6.48, RemotePC for Linux before 4.0.1
Limited Threat
Schneider Electric PowerLogic Products
CVE-2021-22763
CVE-2021-22764
CVE-2021-22765
CVE-2021-22766
CVE-2021-22767
CVE-2021-22768
Backdoor Web Server Administrator Account
Hidden Functionality
Stack-based Buffer Overflow
Memory Corruption Denial of Service
Stack-based Buffer Overflow
Stack-based Buffer Overflow
PowerLogic EGX100: All versions, PowerLogic EGX300: All versions, PowerLogic PM5560: prior to v2.8.3, PowerLogic PM5561: prior to 10.7.3, PowerLogic PM5562: All versions, PowerLogic PM5563: prior to v2.8.3, PowerLogic PM8ECC: All versions
Possible Threat
VIPA WinPLC7
CVE-2021-31218
CVE-2021-31219
Stack-based Buffer Overflow
DLL Hijacking
WinPLC7 v6 and prior.
Limited Threat
Tofino Xenon Security Appliance
CVE-2021-30061
CVE-2021-30062
CVE-2021-30063
CVE-2021-30064
CVE-2021-30065
CVE-2021-30066
Code execution via USB
OPC Classic DPI bypass
OPC Classic System Memory Exhaustion
Use of Default Credentials
Modbus DPI bypass
Firmware signature verification bypass via USB
Tofino Xenon 3.2 and below, Eaton Tofino 2.2.01 and below, Eagle20 Tofino 2.2.01 and below, Exxon Tofino 2.2.00 and below
Limited Threat
Yokogawa Centum VP DCS HIS
N/A
Hard-coded Windows Credentials
Hard-coded HTTP Credentials
Named Pipe Command Injection
HTTP Arbitrary File Read/Write
CAMS Log Server DoS
CAMS Log Server Directory Traversal
CAMS Arbitrary Log Entries and Log Overwriting
Named Pipe Arbitrary File Deletion
Scheduler Privilege Escalation
Dynamic-Link Library (DLL) Planting Privilege Escalation
Yokogawa Centum VP R6.07.
Limited Threat
Ovarro / CSE Semaphore TBox and TwinSoft
CVE-2020-28988
CVE-2020-28989
CVE-2020-28990
CVE-2020-28987
Project File May Be Overwritten Without Authentication
HTTP Server Buffer Overflow
Project File May Be Overwritten Without Authentication
Project File Contains Reversible Passcode
TBox Lite: all versions, TwinSoft: all versions, TBox LT2, MS, Nano, TG2, and RM2 are vulnerable to CVE-2020-28987, CVE-2020-28988: all versions
Limited Threat
Fieldcomm Group HART-IP and hipserver
CVE-2020-16209
Stack-based Buffer Overflow
HART-IP Developer kit: Release 1.0.0.0, hipserver: Release 3.6.1
Limited Threat
Digi Serial Converters and Utility Software
CVE-2020-24357
CVE-2020-24358
CVE-2020-24694
CVE-2020-24695
Cross-site Scripting
Denial of Service
Undesired Modification of Device Settings
Malicious Insertion
Digi One SP devices: firmware v82000774_Y 08/26/2019 and prior, Digi Device Discover: v1.6.19.0 and prior
Possible Threat
PACTware Software
CVE-2020-9403
CVE-2020-9404
Storing Passwords in a Recoverable Format
Incorrect Permission Assignment for Critical Resource
PACTware: v4.1SP4 (4.1.0.50) and v5.0 (5.0.4.20)
Limited Threat
Siemens TIA Portal V15
CVE-2019-13928
Memory Corruption
TIA Portal: prior to v1.0 SP1 Upd1.
Immediate Action
Schneider Electric SoMachine Basic software, M221, M241, and M2** PLCs
CVE-2018-7821
CVE-2018-7822
CVE-2018-7823
Incorrect Default Permissions
Missing Authentication for Critical Function
Unauthenticated Configuration
SoMachine Basic: v1.6SP2, Modicon M221: v1.5.0.0, Modicon M241: v4.0.6.38
Limited Threat
Panduit IntraVUE
CVE-2019-0199
CVE-2019-13039
CVE-2019-13043
CVE-2019-13042
CVE-2019-13040
Cross-Site Request Forgery (CSRF)
Use of Hard-coded Credentials
Information Disclosure
Loss of View
Loss of Control
IntraVUE: v3.1.2
Limited Threat
General Electric Communicator
CVE-2019-6564
CVE-2019-6546
CVE-2019-6548
CVE-2019-6544
CVE-2019-6566
Uncontrolled Search Path Element
Uncontrolled Search Path Element
Use of Hard-coded Credentials
Improper Access Control
Improper Access Control
GE Communicator: prior to v4.0.517
Limited Threat
Triconex TCM Module Vulnerabilities
N/A
Hidden Functionality
Triconex TCM4351: v10.4.1 and prior, Triconex TCM4354: v10.4.1 and prior
Limited Threat
GoAhead Web Server
CVE-2011-4273
CVE-2009-5111
CVE-2003-1569
CVE-2003-1568
CVE-2002-2431
CVE-2002-2430
CVE-2002-2429
CVE-2002-2428
CVE-2002-2427
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Resource Exhaustion
Memory Corruption
Improper Input Validation
Uncaught Exception
Denial of Service CPU Consumption
Denial of Service Daemon Crash
Denial of Service Pointer Dereference and Daemon Crash
Unauthorized Access and Authentication Bypass
GoAhead Web Server: prior to v4.0.1.
Possible Threat
Rockwell Automation Connected Components Workbench / Program Updater / Other Issues
CVE-2017-5176
DLL Hijacking
Connected Components Workbench, v9.01.00 and earlier.