SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)


Date Title Type Platform Author
2018-04-19Siemens SIMATIC WinCC OA Operator IOS AppOtherSiemensAlexander Bolshev of IOActive and Ivan Yushkevich of Embedi reported this vulnerability to Siemens
2018-04-17Rockwell Automation Stratix and ArmorStratix SwitchesOtherRockwell AutomationRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory
2018-04-17Schneider Electric InduSoft Web Studio and InTouch Machine EditionOtherSchneider ElectricTenable Research reported this vulnerability to Schneider Electric Software, LLC and Schneider Electric Software, LLC coordinate
2018-04-17Rockwell Automation Stratix Services RouterOtherRockwell AutomationRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory
2018-04-17Rockwell Automation Stratix Industrial Managed Ethernet SwitchOtherRockwell AutomationRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory
2018-04-17Schneider Electric Triconex TriconOtherSchneider ElectricThis vulnerability was discovered by NCCIC and Schneider Electric during the investigation of the HatMan malware.
2018-04-12Yokogawa CENTUM and ExaopcOtherYokogawaYokogawa, working with JPCERT, reported this vulnerability to NCCIC.
2018-04-10ATI Systems Emergency Mass Notification SystemsOtherAcoustic Technology, Inc. (ATI Systems)Balint Seeber of Bastille reported these vulnerabilities to NCCIC.
2018-04-10Omron CX-OneOtherOmronRgod, working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to NCCIC.
2018-04-05Rockwell Automation MicroLogixOtherRockwell AutomationJared Rittle and Patrick DeSantis of Cisco reported these vulnerabilities to Rockwell, and Rockwell reported the vulnerabilities
2018-04-05LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADAOtherLCDSKarn Ganeshen reported the vulnerability to NCCIC.
2018-04-05Moxa MXviewOtherMoxa Michael DePlante of Leahy Center for Digital Investigation at Champlain College reported this vulnerability to NCCIC.
2018-04-03Siemens Building Technologies Products (Update A)OtherSiemensSergey Temnikov and Vladimir Dashchenko from Kaspersky Labs reported these vulnerabilities to Siemens.
2018-03-29Siemens TIM 1531 IRCOtherSiemensSiemens reported this vulnerability to NCCIC.
2018-03-29Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC SoftwareOtherSiemensVladimir Dashchenko from Kaspersky Lab and independent researcher cdev1 reported this vulnerability to Siemens.
2018-03-29WAGO 750 SeriesOtherWAGOYounes Dragoni of Nozomi Networks reported the vulnerability to NCCIC.
2018-03-27Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200PLCSchneider ElectricNikita Maximov, Alexey Stennikov, and Kirill Chernyshov of Positive Technologies reported the vulnerabilities to Schneider Elect
2018-03-22Siemens SIMATIC WinCC OA UI Mobile AppOtherSiemensAlexander Bolshev from IOActive, and Ivan Yushkevich from Embedi reported this vulnerability to Siemens.
2018-03-22Beckhoff TwinCATOtherBeckhoff Automation GmbHSteven Seeley of Source Incite reported this vulnerability to NCCIC.
2018-03-20Siemens SIMATIC, SINUMERIK, and PROFINET IOOtherSiemensSiemens ProductCERT reported this vulnerability to NCCIC.
2018-03-20Geutebruck IP CamerasOtherGeutebrückDavy Douhine of RandoriSec and Nicolas Mattiocco of Greenlock reported these vulnerabilities to NCCIC.
2018-03-13OSIsoft PI VisionOtherOSIsoftOSIsoft self-reported the vulnerabilities to NCCIC.
2018-03-13Omron CX-SupervisorOtherOmronrgod working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to NCCIC.
2018-03-13OSIsoft PI Web APIOtherOSIsoftOSIsoft self-reported the vulnerabilities to NCCIC.
2018-03-13OSIsoft PI Data ArchiveOtherOSIsoftOSIsoft self reported these vulnerabilities to NCCIC.
2018-03-08Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module ExtensionOtherSiemensIlya Karpov and Alexey Stennikov from Positive Technologies reported this vulnerability to Siemens.
2018-03-08Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet ModuleOtherSiemensIlya Karpov and Dmitry Sklyarov from Positive Technologies reported these vulnerabilities to Siemens.
2018-03-06Schneider Electric SoMove Software and DTM Software ComponentsOtherSchneider ElectricADLab of Venustech reported this vulnerability to NCCIC.
2018-03-06Eaton ELCSoftOtherEatonAriele Caltabiano (kimiya) and axt working with Trend Micro's Zero Day Initiative reported the vulnerability to NCCIC.
2018-03-06Hirschmann Automation and Control GmbH Classic Platform SwitchesOtherBeldenIlya Karpov, Evgeniy Druzhinin, Mikhail Tsvetkov, and Damir Zainullin of Positive Technologies reported these vulnerabilities to
2018-03-01Moxa OnCell G3100-HSPA SeriesOtherMoxa Kirill Nesterov, Eugenie Potseluevskaya, and Radu Motspan of Kaspersky Labs reported the vulnerabilities to NCCIC.
2018-03-01Delta Electronics Delta Industrial Automation DOPSoftOtherDelta ElectronicsGhirmay Desta working with Trend Micro’s Zero Day Initiative (ZDI) reported this vulnerability to NCCIC.
2018-03-01Siemens SIMATIC, SIMOTION, and SINUMERIKOtherSiemensSiemens ProductCERT reported the vulnerabilities to NCCIC.
2018-02-27Emerson ControlWave Micro Process Automation ControllerOtherEmersonYounes Dragoni of Nozomi Networks reported this vulnerability to NCCIC.
2018-02-27Delta Electronics WPLSoftOtherDelta ElectronicsAxt working with Trend Micro's Zero Day Initiative reported these vulnerabilities to NCCIC.
2018-02-20ABB netCADOPS Web ApplicationOtherABBİsmail Erkek of Barikat Internet Security reported this vulnerability to NCCIC.
2018-02-15Nortek Linear eMerge E3 SeriesOtherNortekEvgeny Ermakov and Sergey Gordeychik reported the vulnerability to NCCIC.
2018-02-15Schneider Electric IGSS MobileOtherSchneider ElectricAlexander Bolshev (IOActive) and Ivan Yushkevich (Embedi) reported these vulnerabilities to Schneider Electric.
2018-02-15GE D60 Line Distance RelayOtherGEKirill Nesterov of Kaspersky Labs discovered these vulnerabilities, and GE and Kasperksy Labs reported and coordinated the vulne
2018-02-15Schneider Electric StruxureOn GatewayOtherSchneider ElectricSchneider Electric reported this vulnerability to NCCIC.
2018-02-13Schneider Electric IGSS SCADA SoftwareOtherSchneider ElectricIvan Sanchez of Nullcode reported this vulnerability to NCCIC.
2018-02-13WAGO PFC200 SeriesOtherWAGOReid Wightman of Dragos discovered the vulnerability in the CoDeSys Runtime application. T. Weber of SEC Consult reported this v
2018-02-01Fuji Electric V-Server VPROtherFuji ElectricAriele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative reported the vulnerability to NCCIC.
2018-02-01Gemalto Sentinel License ManagerOtherGemaltoKaspersky Labs ICS-CERT reported these vulnerabilities to Gemalto CERT and NCCIC.
2018-02-013S-Smart Software Solutions GmbH CODESYS Web ServerOther3S-Smart Software Solutions GmbHZhu WenZhe of Istury IOT security lab reported this vulnerability to NCCIC.
2018-01-30Siemens TeleControl Server BasicOtherSiemensSiemens ProductCERT reported the vulnerabilities to NCCIC.
2018-01-25Nari PCS-9611OtherNariKirill Nesterov and Alexey Osipov from Kaspersky Labs reported the vulnerability to NCCIC.
2018-01-23Advantech WebAccess/SCADAOtherAdvantech rgod working with Trend Micro’s Zero Day Initiative reported these vulnerabilities to ICS-CERT.
2018-01-23Siemens Industrial ProductsOtherSiemensSiemens reported this vulnerability to ICS-CERT.
2018-01-11Moxa MXviewOtherMoxa Karn Ganeshen reported the vulnerability to ICS-CERT.
2018-01-11WECON Technology Co., Ltd. LeviStudio HMI EditorOtherWECON Technology Co., Ltd. (WECON)Sergey Zelenyuk of RVRT, HanM0u of CloverSec Labs working with Trend Micro's Zero Day Initiative, and Brian Gorenc of Trend Micr
2018-01-11PHOENIX CONTACT FL SWITCHOtherPHOENIX CONTACTIlya Karpov and Evgeniy Druzhinin of Positive Technologies discovered these vulnerabilities. PHOENIX CONTACT reported to CERT@VD
2018-01-09Rockwell Automation Allen-Bradley MicroLogix 1400 ControllersOtherRockwell AutomationThiago Alves of the University of Alabama reported the vulnerability to Rockwell Automation and ICS-CERT.
2018-01-09General Motors and Shanghai OnStar (SOS) iOS ClientOtherGeneral Motors (GM), Shanghai OnStar (SOS)ADLab of Venustech reported these vulnerabilities to ICS-CERT.
2018-01-04Delta Electronics Delta Industrial Automation Screen EditorOtherDelta ElectronicsSteven Seeley of Source Incite reported these vulnerabilities to ICS-CERT.
2017-12-21Schneider Electric Pelco VideoXpert EnterpriseOtherSchneider ElectricGjoko Krstic reported these vulnerabilities to Schneider Electric.
2017-12-21Moxa NPort W2150A and W2250AOtherMoxa Federico Maggi reported the vulnerability to ICS-CERT.
2017-12-19PEPPERL FUCHS/ecom instruments WLAN Capable Devices using the WPA2 ProtocolOtherPEPPERL FUCHS/ecom instrumentsMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PEPPERL FUCHS reported to CERT@VDE that their produ
2017-12-19Ecava IntegraXorOtherEcavaSteven Seeley of Source Incite, and Michael DePlante and Brad Taylor working with Zero Day Initiative, reported the vulnerabilit
2017-12-19ABB EllipseOtherABBABB self-reported the vulnerability to ICS-CERT.
2017-12-19Siemens LOGO! Soft ComfortOtherSiemensTobias Gebhardt reported this vulnerability to Siemens.
2017-12-19WECON Technology Co., Ltd. LeviStudio HMI EditorOtherWECON Technology Co., Ltd. (WECON)Michael DePlante, working with Trend Micro’s Zero Day Initiative, reported the vulnerability to ICS-CERT.
2017-12-07Xiongmai Technology IP Cameras and DVRsOtherXiongmai TechnologyIndependent researcher Clinton Mielke reported this vulnerability to ICS-CERT.
2017-12-07PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETHOtherPHOENIX CONTACTMaxim Rupp reported the vulnerability to ICS-CERT. CERT@VDE
2017-12-07Rockwell Automation FactoryTalk Alarms and EventsOtherRockwell AutomationA major Oil and Gas company reported this vulnerability to ICS-CERT.
2017-11-30Geovap Reliance SCADAOtherGeovapCan Demirel of Biznet Bilisim reported the vulnerability to ICS-CERT.
2017-11-30Siemens SWT3000OtherSiemensSiemens reported these vulnerabilities to ICS-CERT.
2017-11-28Siemens SCALANCE W1750D, M800, and S615 (Update A)OtherSiemensSiemens Product CERT reported the vulnerabilities to NCCIC.
2017-11-21PHOENIX CONTACT WLAN Capable Devices using the WPA2 ProtocolOtherPHOENIX CONTACTMathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. PHOENIX CONTACT reported these vulnerabilities to C
2017-11-16Moxa NPort 5110, 5130, and 5150OtherMoxa Florian Adamsky reported the vulnerabilities to ICS-CERT and tested the new firmware.
2017-11-16Siemens SICAMOtherSiemensSEC Consult Vulnerability Lab reported these vulnerabilities directly to Siemens.
2017-11-16Siemens SICAMOtherSiemensSEC Consult Vulnerability Lab reported these vulnerabilities directly to Siemens.
2017-11-09AutomationDirect CLICK, C-More, C-More Micro, GS Drives, and SL-Soft SOLOOtherAutomationDirectMark Cross of RIoT Solutions reported the vulnerability to ICS-CERT.
2017-11-09Schneider Electric InduSoft Web Studio and InTouch Machine EditionOtherSchneider ElectricAaron Portnoy, formerly of Exodus Intelligence, reported the vulnerability to Schneider Electric.
2017-11-02Advantech WebAccessOtherAdvantechSteven Seeley, working with Zero Day Initiative, reported the vulnerabilities to ICS-CERT.
2017-11-02Siemens SIMATIC PCS 7OtherSiemensSergey Temnikov and Vladimir Dashchenko of Kaspersky Labs reported the vulnerability to Siemens.
2017-10-31ABB FOX515TOtherABBKetan Bali reported the vulnerability to ABB.
2017-10-31Trihedral Engineering Limited VTScadaOtherTrihedralKarn Ganeshen and Mark Cross independently discovered these vulnerabilities and reported them to ICS-CERT.
2017-10-26Korenix JetNetOtherKorenixMandar Jadhav of the Qualys Vulnerability Signature/Research Team reported these vulnerabilities to ICS-CERT.
2017-10-26Rockwell Automation Stratix 5100OtherRockwell AutomationMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium discovered this vulnerability.
2017-10-19SpiderControl MicroBrowserOtherSpiderControlKarn Ganeshen reported this vulnerability to ICS-CERT.
2017-10-17Progea Movicon SCADA/HMIOtherProgeaKarn Ganeshen reported these vulnerabilities to ICS-CERT.
2017-10-12Envitech Ltd. EnviDAS UltimateOtherEnvitech Ltd.Can Demirel and Deniz Cevik of Biznet Bilisim discovered the vulnerability and tested the patch.
2017-10-12NXP Semiconductors MQX RTOSOtherNXP SemiconductorsScott Gayou identified and coordinated these vulnerabilities with NXP, CERT/CC, and ICS-CERT.
2017-10-12ProMinent MultiFLEX M10a ControllerOtherProMinentMaxim Rupp disclosed this vulnerability to ICS-CERT.
2017-10-12Siemens BACnet Field PanelsOtherSiemensSiemens reported these vulnerabilities to ICS-CERT.
2017-10-12WECON Technology Co., Ltd. LeviStudio HMI EditorOtherWECON Technology Co., Ltd. (WECON)Andrea (rgod) Micalizzi, working with iDefense Labs, reported these vulnerabilities to ICS-CERT.
2017-10-10JanTek JTC-200OtherJanTekKarn Ganeshan reported the vulnerabilities to ICS-CERT.
2017-10-10LAVA Computer MFG Inc. Ether-Serial LinkOtherLAVA Computer MFG Inc.Maxim Rupp reported this vulnerability to ICS-CERT.
2017-10-05GE CIMPLICITY (Update A)OtherGEDavid Atch of CyberX reported the vulnerability to ICS-CERT.
2017-09-28Siemens Ruggedcom ROS, SCALANCEOtherSiemensSiemens reported this vulnerability to ICS-CERT.
2017-09-21Ctek, Inc. SkyRouterOtherCtek, Inc.Maxim Rupp reported the vulnerability to ICS-CERT.
2017-09-21iniNet Solutions GmbH SCADA WebserverPLCiniNet Solutions GmbHMatthias Niedermaier and Florian Fischer, both of Augsburg University of Applied Sciences, reported this vulnerability.
2017-09-21Schneider Electric InduSoft Web Studio, InTouch Machine EditionOtherSchneider ElectricAaron Portnoy, formerly of Exodus Intelligence, discovered and reported this vulnerability to ICS-CERT.
2017-09-21Digium Asterisk GUIOtherDigiumDavy Douhine of RandoriSec reported the vulnerability to ICS-CERT.
2017-09-21Saia Burgess Controls PCD ControllersOtherSaia Burgess ControlsDavide Fauri of Eindhoven University of Technology discovered and reported this vulnerability to ICS-CERT.
2017-09-19PHOENIX CONTACT mGuard Device ManagerOtherPHOENIX CONTACTPHOENIX CONTACT reported these vulnerabilities to CERT@VDE. CERT@VDE coordinated these vulnerabilities with ICS-CERT.
2017-09-14LOYTEC LVIS-3MEOtherLOYTECDavy Douhine of RandoriSec reported the vulnerabilities to ICS-CERT.
2017-09-12mySCADA myPROOthermySCADAKarn Ganeshen reported this vulnerability to ICS-CERT.
2017-09-07PHOENIX CONTACT, Innominate Security Technologies mGuard FirmwareOtherPHOENIX CONTACTPHOENIX CONTACT has reported this vulnerability via CERT@VDE to ICS-CERT.
2017-09-07SpiderControl SCADA Web ServerOtherSpiderControlKarn Ganeshen reported this vulnerability to ICS-CERT.
2017-08-31Siemens LOGO!OtherSiemensMaxim Rupp discovered one of these two vulnerabilities.
2017-08-31OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSiteOtherOPW Fuel Management SystemsSemen Rozhkov of Kaspersky Lab discovered these vulnerabilities. OPW hired a third party testing firm to validate that the firmw
2017-08-31Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundationOPCSiemensSergey Temnikov of Kaspersky Lab reported this vulnerability to Siemens.
2017-08-31Siemens 7KM PAC Switched EthernetOtherSiemensSiemens reported this vulnerability and released an advisory with firmware update information.
2017-08-31Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VUOtherAutomated Logic Corporation (ALC)Evgeny Ermakov from Kaspersky Lab has identified the vulnerability.
2017-08-29AzeoTech DAQFactoryOtherAzeoTechKarn Ganeshen reported these vulnerabilities to ICS-CERT.
2017-08-29Advantech WebAccessOtherAdvantech
2017-08-24Rockwell Automation Allen-Bradley Stratix and ArmorStratixOtherRockwell AutomationCisco discovered these vulnerabilities during internal testing. Rockwell Automation reported these vulnerabilities to ICS-CERT.
2017-08-24Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455OtherWestermoMandar Jadhav from Qualys Security has identified the vulnerabilities.
2017-08-22SpiderControl SCADA MicroBrowserOtherSpiderControlKarn Ganeshen, working with Trend Micro?s Zero Day Initiative (ZDI), discovered this vulnerability.
2017-08-22Automated Logic Corporation WebCTRL, i-VU, SiteScanOtherAutomated Logic Corporation (ALC)Gjoko Krstic from Zero Science Lab identified the vulnerabilities.
2017-07-06Schneider Electric Wonderware ArchestrA LoggerOtherSchneider ElectricAndrey Zhukov of USSC discovered this vulnerability and reported it to Schneider Electric. Schneider Electric then self-reported
2017-07-06Siemens OZW672 and OZW772OtherSiemensStefan Viehb?ck from SEC Consult reported these vulnerabilities to Siemens.
2017-07-06Siemens SIPROTEC 4 and SIPROTEC CompactOtherSiemensSiemens reported these vulnerabilities to ICS-CERT when they made firmware available to fix them.
2017-07-06Schneider Electric Ampla MESOtherSchneider ElectricIlya Karpov from Positive Technologies reported these vulnerabilities to Schneider Electric.
2017-07-06Siemens ReyrolleOtherSiemensSiemens reported these vulnerabilities to ICS-CERT when they made firmware available to fix them.
2017-06-29Siemens Viewport for Web Office PortalOtherSiemensHannes Trunde from Kapsch BusinessCom AG reported this vulnerability to Siemens.
2017-06-29Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320OtherSiemensMaksim Malyutin from Embedi reported this issue to Intel.
2017-06-29Schneider Electric U.motion BuilderOtherSchneider Electricrgod working with Trend Micro's Zero Day Initiative identified these vulnerabilities.
2017-06-27Newport XPS-Cx, XPS-QxOtherNewportMaxim Rupp identified the vulnerability.
2017-06-22Siemens SIMATIC CP 44x-1 Redundant Network Access ModulesOtherSiemensSiemens reported this vulnerability.
2017-06-22Siemens XHQOtherSiemensSiemens self-reported this vulnerability.
2017-06-20Ecava IntegraXorOtherEcavaTenable Network Security reported the vulnerability and tested the patch.
2017-06-14Cambium Networks ePMPOtherCambium NetworksKarn Ganeshen identified these vulnerabilities.
2017-06-13OSIsoft PI Server 2017OtherOSIsoftOSIsoft self-disclosed these vulnerabilities.
2017-06-13OSIsoft PI Web API 2017OtherOSIsoftThese issues were found by OSIsoft and reported once they had prepared an upgrade to fix them.
2017-06-13Trihedral VTScadaOtherTrihedralKarn Ganeshen discovered the vulnerabilities and has tested the patch.
2017-06-06Rockwell Automation PanelView Plus 6 700-1500OtherRockwell AutomationRockwell Automation self-reported this vulnerability.
2017-06-06Digital Canal Structural Wind AnalysisOtherDigital Canal StructuralKarn Ganeshen has identified the vulnerability.
2017-06-01Phoenix Broadband Technologies LLC PowerAgent SC3 Site ControllerOtherPhoenix Broadband Technologies LLCInaki Rodriguez discovered this vulnerability and tested the patch.
2017-05-23Moxa OnCellOtherMoxaIndependent researcher Maxim Rupp identified the vulnerabilities.
2017-05-23Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400OtherRockwell AutomationThese vulnerabilities were reported to ICS-CERT by Rockwell Automation, David Formby and Raheem Beyah of Georgia Tech and Fortip
2017-05-18Schneider Electric Wonderware InduSoft Web StudioOtherSchneider ElectricKarn Ganeshen identified this vulnerability.
2017-05-18Miele Professional PG 85 SeriesOtherMiele ProfessionalJens Regel of Schneider & Wulf publicly disclosed this vulnerability without ICS-CERT coordination.
2017-05-16Schneider Electric SoMachine HVACOtherSchneider ElectricIndependent researcher Zhou YU reported the buffer overflow vulnerability to ICS-CERT. Schneider Electric reported to ICS-CERT t
2017-05-16Detcon SiteWatch GatewayOtherDetconIndependent researcher Maxim Rupp reported the vulnerabilities.
2017-05-16Schneider Electric VAMPSETOtherSchneider ElectricKushal Arvind Shah from Fortinets Fortiguard Labs reported this vulnerability directly to Schneider Electric.
2017-05-16Hanwha Techwin SRN-4000OtherHanwha TechwinCan Demirel and Faruk Unal of Biznet Bilisim discovered the vulnerability and have tested the patch.
2017-05-11Phoenix Contact GmbH mGuardOtherPhoenix ContactPhoenix Contact GmbH self-reported these vulnerabilities.
2017-05-11Satel Iberia SenNet Data Logger and Electricity MetersOtherSatel IberiaKarn Ganeshan discovered this vulnerability.
2017-05-09Siemens SIMATIC WinCC and SIMATIC WinCC Runtime ProfessionalOtherSiemensSergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team reported this vulnerability di
2017-05-09Siemens devices using the PROFINET Discovery and Configuration ProtocolOtherSiemensDuan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported this vulnerability directly to Siemens.
2017-05-09Siemens devices using the PROFINET Discovery and Configuration ProtocolOtherSiemensDuan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported these vulnerabilities directly to Siemens.
2017-05-09Rockwell Automation Stratix 5900OtherRockwell AutomationCisco Systems, Inc. reported these vulnerabilities to Rockwell Automation.
2017-05-04Advantech WebAccessOtherAdvantechZhou Yu working with Trend Micro?s Zero Day Initiative discovered the vulnerability. Zhou Yu has tested the new software and val
2017-05-04Dahua Technology Co., Ltd Digital Video Recorders and IP CamerasOtherDahua TechnologyResearcher Bashis disclosed these vulnerabilities without coordination with ICS-CERT.
2017-05-04Hikvision CamerasOtherHikvisionIPcamtalk user ?Montecrypto? identified these vulnerabilities.
2017-05-04Rockwell Automation ControlLogix 5580 and CompactLogix 5380OtherRockwell AutomationN/A
2017-05-02CyberVision Kaa IoT PlatformOtherCyberVisionJacob Baines from Tenable Network Security is credited with the discovery of this vulnerability.
2017-05-02Advantech B+B SmartWorx MESR901OtherAdvantechMaxim Rupp has identified the vulnerability.
2017-05-02Schneider Electric Wonderware Historian ClientOtherSchneider ElectricAndrey Zhukov from USSC reported this vulnerability and has tested the patch.
2017-04-27GE Multilin SR Protective RelaysOtherGEGE reported the vulnerability to ICS-CERT. It was initially identified by New York University security researchers Anastasis Kel
2017-04-25BLF-Tech LLC VisualView HMIHMIBLF-Tech LLCKarn Ganeshen discovered this vulnerability.
2017-04-25Hyundai Motor America Blue LinkOtherHyundai Motor AmericaThese vulnerabilities were discovered by Will Hatzer and Arjun Kumar working with Rapid7.
2017-04-25Sierra Wireless AirLink Raven XE and XTOtherSierra WirelessIndependent researcher Karn Ganeshen identified and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE an
2017-04-13Schneider Electric Modicon M221 PLCs and SoMachine BasicOtherSchneider ElectricSimon Heming, Maik Bruggemann, Hendrik Schwartke, and Ralf Spenneberg of Open Source Security discovered these vulnerabilities.
2017-04-13Wecon Technologies LEVI Studio HMI EditorOtherWecon TechnologiesAndrea (rgod) Micalizzi, working with iDefense Labs, reported these vulnerabilities.
2017-04-11Schneider Electric Modicon Modbus ProtocolPLCSchneider ElectricEran Goldstein of CRITIFENCE reported the identified vulnerabilities.
2017-04-06Certec EDV GmbH atvise scadaOtherCertec EDV GmbHSebastian Neef of Internetwache.org discovered the vulnerabilities.
2017-04-04MODBUS UMAS AUTHENTICATION BYPASSPLCSchneider Electric UnityEran Goldstein of CRITIFENCE reported the identified vulnerabilities.
2017-04-04MODBUS UMAS VIOLATION OF SECURE DESIGN PRINCIPLESPLCSchneider Electric UnityEran Goldstein of CRITIFENCE reported the identified vulnerabilities.
2017-04-04Marel Food Processing SystemsOtherMarelDaniel Lance reported these vulnerabilities to ICS-CERT.
2017-04-04Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratixOtherRockwell AutomationRockwell Automation has reported this vulnerability.
2017-04-04Schneider Electric Interactive Graphical SCADA System SoftwareOtherSchneider ElectricKarn Ganeshen reported this vulnerability.
2017-03-30Schneider Electric Modicon PLCsPLCSchneider ElectricDavid Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities.
2017-03-30Schneider Electric Wonderware InTouch Access AnywhereOtherSchneider ElectricRuslan Habalov and Jan Bee of the Google ISA Assessments Team identified these vulnerabilities.
2017-03-283S-Smart Software Solutions GmbH CODESYS Web ServerOther3S-Smart Software Solutions GmbHDavid Atch of CyberX discovered the vulnerabilities and has tested the patch.
2017-03-28Siemens RUGGEDCOM ROX IOtherSiemensMaxim Rupp reported these vulnerabilities directly to Siemens.
2017-03-23LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADAOtherLCDSKarn Ganeshen, working with Trend Micros Zero Day Initiative (ZDI), discovered this vulnerability.
2017-03-21Rockwell Automation Connected Components WorkbenchOtherRockwell AutomationIvan Sanchez reported this vulnerability.
2017-03-16LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADAOtherLCDSKarn Ganeshen identified and reported the vulnerability to ICS-CERT and tested the update.
2017-03-14Fatek Automation PLC Ethernet ModuleOtherFatekAn anonymous researcher working with Trend Micros Zero Day Initiative identified this vulnerability.
2017-03-09Schneider Electric ClearSCADAOtherSchneider ElectricSergey Temnikov and Vladimir Dashchenko of Kapersky Labs Critical Infrastructure Defense Team identified and reported the vulne
2017-03-07Schneider Electric Wonderware IntelligenceOtherSchneider ElectricSchneider Electric self-reported this vulnerability.
2017-03-02Schneider Electric Conext ComBoxOtherSchneider ElectricArik Kublanov and Mark Liapustin of Nation-E Ltd reported this vulnerability.
2017-03-02Eaton xComfort Ethernet Communication InterfaceOtherEatonMaxim Rupp identified the vulnerability.
2017-03-02Siemens SINUMERIK Integrate and SINUMERIK OperateOtherSiemensSiemens
2017-02-28Siemens RUGGEDCOM NMSOtherSiemensSiemens
2017-02-23Schneider Electric Modicon M340 PLCOtherSchneider ElectricLuis Francisco Martin Liras reported the issue to Schneider Electric.
2017-02-23VIPA Controls WinPLC7OtherVIPA ControlsAriele Caltabiano (kimiya) working with Trend Micros Zero Day Initiative reported this vulnerability.
2017-02-23Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches VulnerabilityOtherRed Lion ControlsMark Cross of RIoT Solutions identified these vulnerabilities.
2017-02-14Geutebruck IP CamerasOtherGeutebruckFlorent Montel and Frederic Cikala discovered the authentication bypass vulnerability, and Davy Douhine of RandoriSec discovered
2017-02-14Siemens SIMATIC Authentication BypassOtherSiemensSiemens
2017-02-14Advantech WebAccessOtherAdvantechLi MingZheng Kuangn identified the vulnerability and tested the patch.
2017-02-09Hanwha Techwin Smart Security ManagerOtherHanwha TechwinSteven Seeley of Source Incite discovered these vulnerabilities.
2017-02-07Sielco Sistemi Winlog SCADA SoftwareOtherSielco SistemiResearcher Karn Ganeshen identified this vulnerability.
2017-01-31Ecava IntegraXorOtherEcavaIndependent researchers Brian Gorenc and Juan Pablo Lopez working with Trend Micros Zero Day Initiative have identified the SQL
2017-01-31BINOM3 Electric Power Quality Meter (Update A)OtherBINOM3Karn Ganeshen reported these vulnerabilities.
2017-01-26Belden Hirschmann GECKOOtherBeldenDavy Douhine of RandoriSec identified this vulnerability.
2017-01-26Belden Hirschmann GECKOOtherBeldenDavy Douhine
2017-01-24Schneider Electric Wonderware HistorianOtherSchneider ElectricRuslan Habalov and Jan Bee
2017-01-24Schneider Electric Wonderware HistorianOtherSchneider ElectricRuslan Habalov and Jan Bee of the Google ISA Assessments Team discovered this vulnerability.
2017-01-19Schneider Electric homeLYnk ControllerOtherSchneider ElectricMohammed Shameem
2017-01-17Phoenix Contact mGuardOtherPhoenix ContactThis vulnerability was discovered by Phoenix Contact.
2017-01-17GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian VulnerabilityHMIGEIlya Karpov
2017-01-12VideoInsight Web ClientOtherVideoInsightJuan Pablo Lopez Yacubian reported this vulnerability and has tested the patch.
2017-01-12Carlo Gavazzi VMU-C EM and VMU-C PVOtherCarlo GavazziKarn Ganeshen has reported these vulnerabilities.
2017-01-12Advantech WebAccessOtherAdvantechTenable Network Security working with Trend Micros Zero Day Initiative
2017-01-10OSIsoft PI Coresight and PI Web APIOtherOSIsoftVint Maggs from Savannah River Nuclear Solutions reported this issue to OSIsoft.
2017-01-09St. Jude Merlin@home Transmitter VulnerabilityOtherSt. Jude MedicalMedSec Holdings
2017-01-05Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow VulnerabilityPLCRockwell AutomationRockwell Automation
2017-01-05Rockwell Automation MicroLogix 1100 and 1400 VulnerabilitiesPLCRockwell AutomationAlexey Osipov and Ilya Karpov
2016-12-22Fidelix FX-20 Series Controllers Path Traversal VulnerabilityOtherFidelixSemen Rozhkov
2016-12-22WAGO Ethernet Web-based Management Authentication Bypass VulnerabilityOtherWAGOMaxim Rupp
2016-12-20Siemens Desigo PX Web Module Insufficient Entropy VulnerabilityOtherSiemensMarcella Hastings, Joshua Fried, and Nadia Heninger
2016-12-15Fatek Automation PLC WinProladder Stack-Based Buffer Overflow VulnerabilityPLCFatekTrend Micro Zero Day Initiative (ZDI)
2016-12-15OmniMetrix OmniView VulnerabilitiesOtherOmniMetrixBill Voltmer
2016-12-13Visonic PowerLink2 VulnerabilitiesOtherVisonicAditya K. Sood
2016-12-13Delta Electronics WPLSoft, ISPSoft, and PMSoft VulnerabilitiesPLCDelta Electronicsaxt, Ariele Caltabiano
2016-12-13Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX VulnerabilityOtherSiemensMingzheng Li
2016-12-13Moxa DACenter VulnerabilitiesOPCMoxaZhou Yu
2016-12-13Siemens S7-300/400 PLC VulnerabilitiesPLCSiemensZhu WenZhe
2016-12-08Sauter NovaWeb Web HMI Authentication Bypass VulnerabilityHMISauterMaxim Rupp
2016-12-08INTERSCHALT VDR G4e Path Traversal VulnerabilityOtherINTERSCHALTMaxim Rupp
2016-12-08Moxa MiiNePort Session Hijack VulnerabilitiesOtherMoxaAditya Sood
2016-12-06Tesla Gateway ECU VulnerabilityOtherTeslaTencents Keen Security Lab
2016-12-01Advantech SUSIAccess Server VulnerabilitiesOtherAdvantechrgod
2016-12-01Siemens SICAM PAS VulnerabilitiesOtherSiemensIlya Karpov and Dmitry Sklyarov
2016-12-01Smiths-Medical CADD-Solis Medication Safety Software VulnerabilitiesOtherSmiths-MedicalSmiths-Medical
2016-12-01Moxa NPort Device VulnerabilitiesOtherMoxaReid Wightman, Mikael Vingaard, Maxim Rupp
2016-12-01Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module VulnerabilitiesOtherMitsubishiVladimir Dashchenko
2016-11-29Emerson DeltaV Easy Security Management Application VulnerabilityOtherEmersonEmerson
2016-11-29Emerson DeltaV Wireless I/O Card Open SSH Port VulnerabilityOtherEmersonEmerson
2016-11-29Emerson Liebert SiteScan XML External Entity VulnerabilityOtherEmersonEvgeny Ermakov
2016-11-22Siemens SIMATIC CP 1543-1 VulnerabilitiesOtherSiemensSOGETI and ANSSI
2016-11-22Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs VulnerabilitiesOtherSiemensSiemens
2016-11-17Vanderbilt Industries Siemens IP CCTV Cameras VulnerabilityOtherVanderbilt IndustriesSiemens
2016-11-17Moxa SoftCMS VulnerabilitiesOtherMoxaICS-CERT
2016-11-15Lynxspring JENEsys BAS Bridge VulnerabilitiesOtherLynxspringICS-CERT
2016-11-10CA Unified Infrastructure Management Directory Traversal VulnerabilityHMI SoftwarCA Technologies Unified Infrastructure ManagementAndrea Micalizzi
2016-11-08Phoenix Contact ILC PLC Authentication VulnerabilitiesPLCPhoenix Contact ILC 1xxMatthias Niedermaier and Michael Kapfer
2016-11-08OSIsoft PI System Incomplete Model of Endpoint Features VulnerabilitySOFTWAREOSIsoft PI SystemOSIsoft
2016-11-08Siemens Industrial Products Local Privilege Escalation VulnerabilitySOFTWARESiemens SIMATIC (Multiple)WATERSURE and KIANDRA IT
2016-11-03Moxa OnCell Security VulnerabilitiesNETWORKMoxa OnCellMaxim Rupp
2016-11-03Schneider Electric Magelis HMI Resource Consumption VulnerabilitiesHMISchneider Electric Magelis Advanced HMI Panel (PanelShock)Eran Goldstein
2016-11-03Schneider Electric IONXXXX Series Power Meter VulnerabilitiesOTHERSchneider Electric IONXXXX Karn Ganeshen
2016-11-01IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow VulnerabilitySOFTWAREIBHsoftec S7-SoftPLCAriele Caltabiano (kimiya)
2016-11-01Schneider Electric ConneXium Buffer Overflow VulnerabilityNETWORKConneXium firewallNir Giller
2016-11-01Schneider Electric Unity PRO Control Flow Management VulnerabilitySOFTWARESchneider Electric Unity PROAvihay Kain and Mille Gandelsman
2016-10-27Honeywell Experion PKS Improper Input Validation VulnerabilitySOFTWAREHoneywell Experion PKSHoneywell
2016-10-25Siemens SICAM RTU Devices Denial-of-Service VulnerabilityNETWORKSiemens SICAMAdam Crain
2016-10-20Moxa EDR-810 Industrial Secure Router Privilege Escalation VulnerabilityNETWORKMoxa EDR-810Maxim Rupp
2016-10-18Schneider Electric PowerLogic PM8ECC Hard-coded Password VulnerabilitySOFTWAREPowerLogic PM8ECC He Congwen
2016-10-13Siemens Automation License Manager VulnerabilitiesSOFTWARESiemens ALMSergey Temnikov and Vladimir Dashchenko
2016-10-13Kabona AB WDC VulnerabilitiesHMIKabona AB WebDatorCentral WDCMartin Jartelius, John Stock
2016-10-13Fatek Automation Designer Memory Corruption VulnerabilitiesHMI SoftwarFatek Automation PM Designer, Automation FV DesignerAriele Caltabiano (kimiya)
2016-10-13OSIsoft PI Web API 2015 R2 Service Account Permissions VulnerabilitySOFTWAREOSIsoft PI Web API 2015 R2 (Version 1.5.1)OSIsoft
2016-10-13Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure VulnerabilitiesSOFTWARESiemens SIMATIC STEP 7 (TIA Portal)Dmitry Sklyarov and Gleb Gritsai
2016-10-13Rockwell Automation Stratix Denial-of-Service and Memory Leak VulnerabilitiesOTHERAllen-Bradley Stratix , Allen-Bradley ArmorStratixRockwell Automation
2016-10-13Moxa ioLogik E1200 Series VulnerabilitiesOTHERMoxa ioLogik ioLogikAlexandru Ariciu
2016-10-06GE Bently Nevada 3500/22M Improper Authorization VulnerabilityOTHERGE Bently Nevada 3500/22MGE
2016-10-05Animas OneTouch Ping Insulin Pump VulnerabilitiesOTHERJohnson & Johnson - Animas OneTouch Ping insulin pump systemRapid7
2016-10-04Beckhoff Embedded PC Images and TwinCAT Components VulnerabilitiesPLCBeckhoff Embedded PC, TwinCATMarko Schuba
2016-10-04INDAS Web SCADA Path Traversal VulnerabilityHMIINDAS Web SCADAEhab Hussein
2016-09-29American Auto-Matrix Front-End Solutions VulnerabilitiesOTHERAmerican Auto-Matrix Building Automation Front-End Solutions appMaxim Rupp
2016-09-27Siemens SCALANCE M-800/S615 Web VulnerabilityOTHERSiemens SCALANCE M-800/S615Alexander Van Maele and Tijl Deneut
2016-09-20Moxa Active OPC Server Unquoted Service Path Escalation VulnerabilityOPCMoxa Active OPC Server Zhou Yu
2016-09-15ABB DataManagerPro Credential Management VulnerabilitySOFTWAREABB DataManagerProAndrea Micalizzi
2016-09-15Trane Tracer SC Sensitive Information Exposure VulnerabilityHMITrane Tracer SCMaxim Rupp
2016-09-15Rockwell Automation RSLogix 500 AND RSLogix Micro File Parser Buffer Overflow VulnerabilitySOFTWARERockwell Automation RSLogix Ariele Caltabiano (kimiya)
2016-09-15Yokogawa STARDOM Authentication Bypass VulnerabilityPLCYokogawa STARDOM FCN/FCJ Yokogawa and JPCERT/CC
2016-09-06Siemens SIPROTEC 4 and SIPROTEC Compact VulnerabilitiesOTHERSiemens SIPROTEC EN100Kirill Nesterov and Anatoly Katushin
2016-08-23Moxa OnCell VulnerabilitiesOTHERMoxa OnCellMaxim Rupp
2016-08-22Navis WebAccess SQL Injection VulnerabilityCMSNavis WebAccessNCCIC/ICS-CERT
2016-08-18Navis WebAccess SQL Injection VulnerabilityOtherNavis?bRpsd
2016-08-11Rockwell Automation MicroLogix 1400 SNMP Credentials VulnerabilityPLCRockwell (Allen-Bradley) MicroLogix 1400Cisco Talos
2016-08-02Siemens SINEMA Server Privilege Escalation VulnerabilityOTHERSiemens SINEMArgod
2016-08-02Moxa SoftCMS SQL Injection VulnerabilityCMSMoxa SoftCMSZhou Yu
2016-07-26Siemens SINEMA Remote Connect Server Cross-site Scripting VulnerabilityOTHERSiemens SINEMA Remote Connect ServerAntonio Morales Maldonado, Alexander Van Maele and Tijl Deneut
2016-07-26Siemens SIMATIC NET PC-Software Denial-of-Service VulnerabilitySOFTWARESiemens SIMATIC NET PC-SoftwareVladimir Dashchenko and Sergey Temnikov
2016-07-26Rockwell Automation FactoryTalk EnergyMetrix VulnerabilitiesOPCRockwell (Allen-Bradley) FactoryTalk EnergyMetrixUS-CERT
2016-07-26Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional VulnerabilitiesHMI, OPCSiemens SIMATICSergey Temnikov, Vladimir Dashchenko
2016-07-14Schneider Electric SoMachine HVAC Unsafe ActiveX Control VulnerabilitySOFTWARESchneider Electric SoMachineAndrea Micalizzi
2016-07-14Moxa MGate Authentication Bypass VulnerabilityOTHERMoxa MGateMaxim Rupp
2016-07-14Schneider Electric Pelco Digital Sentry Video Management System VulnerabilityOTHERSchneider Electric Pelco Digital Sentry Video Management SystemSchneider Electric
2016-07-14Philips Xper-IM Connect VulnerabilitiesOTHERPhilips Xper-IM ConnectMike Ahmadi, Billy Rios
2016-07-12Tollgrade Smart Grid EMS LightHouse VulnerabilitiesOTHERLightHouseAshish Kamble
2016-07-12GE Proficy HMI SCADA CIMPLICITY Privilege Management VulnerabilityHMIGeneral Electric CIMPLICITYZhou Yu
2016-07-07WECON LeviStudio Buffer Overflow VulnerabilitiesHMILeviStudioRocco Calvi, Brian Gorenc
2016-07-07Moxa Device Server Web Console Authorization Bypass VulnerabilityOTHERMoxa Device Server Web Console 5232-NMaxim Rupp
2016-07-07GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege EscalationHMIGeneral ElectricZhou Yu
2016-07-06Rexroth Bosch BLADEcontrol-WebVIS VulnerabilitiesHMIBosch Rexroth BLADEcontrol-WebVISMaxim Rupp
2016-06-30Siemens SICAM PAS VulnerabilitiesOTHERSiemens SICAM PASIlya Karpov, Dmitry Sklyarov
2016-06-30Eaton ELCSoft Programming Software Memory VulnerabilitiesSOFTWAREELCSoft Ariele Calgaviano
2016-06-23Meinberg NTP Time Server VulnerabilitiesOTHERMultipleRyan Wincey
2016-06-23Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption VulnerabilityOTHERRockwell (Allen-Bradley) Stratix 54xxRockwell Automation
2016-06-23Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow VulnerabilityHMI, PLCUnitronics VisilogicSteven Seeley
2016-06-21Schneider Electric PowerLogic PM8ECC Cross-site Scripting VulnerabilityOTHERSchneider Electric PowerLogic PM8ECCSchneider Electric
2016-06-21Advantech WebAccess ActiveX VulnerabilitiesHMIAdvantech WebAccessZhou Yu
2016-06-16Moxa PT-7728 Series Switch Improper Authorization VulnerabilityOTHERMoxa PT-7728 SeriesCan Demirel
2016-06-09Siemens SIMATIC S7-300 Denial of-Service VulnerabilityPLCSiemens SIMANTIC S7-300Mate J. Csorba
2016-06-09Siemens SIMATIC WinCC Flexible Weakly Protected Credentials VulnerabilityHMISiemens SIMATIC WinCC flexibleGleb Gritsai, Roman Ilin
2016-06-07Trihedral VTScada VulnerabilitiesHMIVTScadaUNDISCLOSED
2016-06-07KMC Controls Conquest BACnet Router VulnerabilitiesOTHERBAC-5051EMaxim Rupp
2016-06-02GE MultiLink Series Hard-coded Credential VulnerabilityOTHERGeneral Electric MultilinkGE
2016-05-31Moxa UC 7408-LX-Plus Firmware Overwrite VulnerabilityOTHERMoxa UC-7408 LX-PlusUNDISCLOSED
2016-05-31ABB PCM600 VulnerabilitiesOPCABB PCM600Ilya Karpov
2016-05-26Sixnet BT Series Hard-coded Credentials VulnerabilityOTHERSixnet BTNeil Smith
2016-05-26Environmental Systems Corporation Data Controllers VulnerabilitiesOTHERESC 8832Maxim Rupp
2016-05-26Black Box AlertWerks ServSensor Credential Management VulnerabilityOTHERAlertWerks ServSensorLee Ryman
2016-05-24Moxa MiiNePort VulnerabilitiesOTHERMoxa MiiNePortKarn Ganeshen
2016-05-19Resource Data Management Intuitive 650 TDB Controller VulnerabilitiesOTHERIntuitive 650 TDB ControllerMaxim Rupp
2016-05-19Siemens SIPROTEC Information Disclosure VulnerabilitiesOTHERSiemens SIPROTECAleksandr Bersenev, Pavel Toporkov
2016-05-17Moxa EDR-G903 Secure Router VulnerabilitiesOTHERMoxa EDR-G903Maxim Rupp
2016-05-17IRZ RUH2 3G Firmware Overwrite VulnerabilityOTHERRUH2NCCIC/ICS-CERT
2016-05-12Meteocontrol WEBlog VulnerabilitiesOTHERWEBlogKarn Ganeshen
2016-05-10Panasonic FPWIN Pro VulnerabilitiesOTHERwindowsTrend Micro Zero Day Initiative (ZDI)
2016-04-14Siemens Industrial Products glibc Library VulnerabilityOTHERSiemensFermin J. Serna, Gynvael Coldwind, Thomas Garnier
2016-04-13Schneider Electric Magelis Advanced HMI Panel - Uncontrolled Resource Consumption vulnerabilityHMISchneider Electric Magelis Advanced HMI PanelEran Goldstein
2016-04-13Schneider Electric Magelis Advanced HMI Panel - PanelShock vulnerabilityHMISchneider Electric Magelis Advanced HMI PanelEran Goldstein
2016-04-12Siemens SCALANCE S613 Denial-of-Service VulnerabilityOTHERSiemens SCALANCE firewallSiemens
2016-04-12Honeywell Uniformance PHD Denial Of ServiceOTHERHoneywell Uniformance PHDHoneywell
2016-04-12Siemens Industrial Products DROWN VulnerabilityOTHERSiemens SCALANCE , ROXSiemens
2016-04-05Eaton Lighting Systems EG2 Web Control Authentication Bypass VulnerabilitiesHMIwindowsMaxim Rupp
2016-04-05Rockwell Automation Integrated Architecture Builder Access Violation Memory Error HMIRockwell (Allen-Bradley)Ivan Sanchez - Nullcode Team
2016-03-31ICONICS WebHMI Directory Traversal VulnerabilityHMIwindowsMaxim Rupp
2016-03-24Cogent DataHub Elevation of Privilege VulnerabilityOTHERwindowsSteven Seeley
2016-03-22Siemens APOGEE Insight Incorrect File Permissions VulnerabilityOTHERSiemens APOGEE Insight (All versions)HuNan Quality Inspection Institute
2016-03-17ABB Panel Builder 800 DLL Hijacking Vulnerability (Update A)HMIABB Panel Builder 800 version 5.1 and earlierIvan Sanchez - Nullcode Team
2016-03-15Siemens SIMATIC S7-1200 CPU Protection Mechanism FailurePLCSiemens SIMATIC S7-1200 CPU family: All versions < V4.0Maik Bruggemann and Ralf Spenneberg
2016-03-12Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability RTUSchneider Electric Telvent SAGE RTUDavid Formby, Raheem Beyah
2016-03-05WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation VulnerabilityPLCSchneider Electric WAGO IO PLC 758-870, 750-849, 750-849Karn Ganeshen
2016-03-03Moxa ioLogik E2200 Series Weak Authentication PracticesRTUMoxa ioLogik E2200 series, ioAdmin Configuration UtilityAditya Sood
2016-03-03Schneider Electric SBO / AS - Multiple VulnerabilitiesPLCSchneider Electric SBOKarn Ganeshen
2016-03-01Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting VulnerabilityPLCRockwell (Allen-Bradley) CompactLogixAditya Sood
2016-02-15Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow ExploitHMIwindowsLiquidWorm
2016-02-04GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple VulnerabilitiesOTHERGeneral Electric webKarn Ganeshen
2015-12-08iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File PermissionsHMIwindowsLiquidWorm
2015-01-28ClearSCADA - Remote Authentication Bypass ExploitHMIwindowsJeremy Brown
2014-12-15Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass ExploitHMIwindowsLiquidWorm
2014-09-24WS10 Data Server - SCADA Exploit Overflow PoCOPCwindowsPedro Sanchez
2014-02-11KingScada - kxClientDownload.ocx ActiveX Remote Code ExecutionHMIwindowsmetasploit
2013-12-03ABB MicroSCADA wserver.exe - Remote Code Execution PLCwindowsmetasploit
2013-10-22Interactive Graphical SCADA System Remote Command Injection HMIwindowsmetasploit
2013-01-08Advantech WebAccess HMI/SCADA Software Persistence XSS VulnerabilityPLCAdvantech aspSecPod Research
2012-12-04Advantech Studio 7.0 - SCADA/HMI Directory Traversal (0day)HMIwindowsNin3
2012-08-29Winlog Lite SCADA HMI system SEH 0verwrite VulnerabilityHMIwindowsCiph3r
2011-12-13CoDeSys SCADA 2.3 - Webserver Stack Buffer OverflowHMIwindowsmetasploit
2011-12-01CoDeSys SCADA 2.3 - Remote ExploitHMIwindowsCelil Unuver
2011-09-16Measuresoft ScadaPro <= 4.0.0 - Remote Command ExecutionHMIwindowsmetasploit
2011-09-14Measuresoft ScadaPro <= 4.0.0 - Multiple Vulnerabilities HMIwindowsLuigi Auriemma
2011-09-13ScadaTEC ScadaPhone <= 5.3.11.1230 - Stack Buffer Overflow HMIwindowsmetasploit
2011-09-12ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0day)OPCwindowsmr_me
2011-08-26Sunway Force Control SCADA 6.1 SP3 httpsrv.exe ExploitHMIwindowsCanberk BOLAT
2011-06-22RealWin SCADA Server DATAC Login Buffer OverflowOPCwindowsmetasploit
2011-06-20DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer OverflowOPCwindowsmetasploit
2011-03-23Advantech/BroadWin SCADA WebAccess 7.0 - Multiple Remote Security VulnerabilitiesPLCmultipleRuben Santamarta
2011-03-07KingView 6.5.3 SCADA ActiveX ExploitHMIwindowsCarlos Mario Penagos Hollmann
2011-01-09KingView 6.5.3 SCADA HMI Heap Overflow PoCHMIwindowsDillon Beresford
2010-11-30DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_INITIALIZE Buffer OverflowOPCwindowsmetasploit
2010-11-30DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_INITIALIZE_RF Buffer OverflowOPCwindowsmetasploit
2010-11-24DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_TXTEVENT Buffer OverflowOPCwindowsmetasploit
2010-11-14CitectSCADA/CitectFacilities ODBC Buffer OverflowOPCwindowsmetasploit
2010-10-27DATAC RealWin SCADA 1.06 - Buffer Overflow ExploitOPCwindowsblake
2010-10-04ITS SCADA Username - SQL Injection VulnerabilityHMIphpEugene Salov
2010-10-01Intellicom Netbiter webSCADA Products 'read.cgi' Multiple Remote Security VulnerabilitiesHMIcgiEugene Salov
2010-05-09DATAC RealWin SCADA Server Buffer OverflowOPCwindowsmetasploit
2008-09-26DATAC RealWin SCADA Server 2.0 - Remote Stack Buffer Overflow VulnerabilityOPCwindowsRuben Santamarta
2008-09-05CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (meta)OPCwindowsKevin Finisterre