SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

Date Title Type Platform Author
2017-11-09AutomationDirect CLICK, C-More, C-More Micro, GS Drives, and SL-Soft SOLOOtherAutomationDirectMark Cross of RIoT Solutions reported the vulnerability to ICS-CERT.
2017-11-09Schneider Electric InduSoft Web Studio and InTouch Machine EditionOtherSchneider ElectricAaron Portnoy, formerly of Exodus Intelligence, reported the vulnerability to Schneider Electric.
2017-11-02Advantech WebAccessOtherAdvantechSteven Seeley, working with Zero Day Initiative, reported the vulnerabilities to ICS-CERT.
2017-11-02Siemens SIMATIC PCS 7OtherSiemensSergey Temnikov and Vladimir Dashchenko of Kaspersky Labs reported the vulnerability to Siemens.
2017-10-31ABB FOX515TOtherABBKetan Bali reported the vulnerability to ABB.
2017-10-31Trihedral Engineering Limited VTScadaOtherTrihedralKarn Ganeshen and Mark Cross independently discovered these vulnerabilities and reported them to ICS-CERT.
2017-10-26Korenix JetNetOtherKorenixMandar Jadhav of the Qualys Vulnerability Signature/Research Team reported these vulnerabilities to ICS-CERT.
2017-10-26Rockwell Automation Stratix 5100OtherRockwell AutomationMathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium discovered this vulnerability.
2017-10-19SpiderControl MicroBrowserOtherSpiderControlKarn Ganeshen reported this vulnerability to ICS-CERT.
2017-10-17Progea Movicon SCADA/HMIOtherProgeaKarn Ganeshen reported these vulnerabilities to ICS-CERT.
2017-10-12Envitech Ltd. EnviDAS UltimateOtherEnvitech Ltd.Can Demirel and Deniz Çevik of Biznet Bilisim discovered the vulnerability and tested the patch.
2017-10-12NXP Semiconductors MQX RTOSOtherNXP SemiconductorsScott Gayou identified and coordinated these vulnerabilities with NXP, CERT/CC, and ICS-CERT.
2017-10-12ProMinent MultiFLEX M10a ControllerOtherProMinentMaxim Rupp disclosed this vulnerability to ICS-CERT.
2017-10-12Siemens BACnet Field PanelsOtherSiemensSiemens reported these vulnerabilities to ICS-CERT.
2017-10-12WECON Technology Co., Ltd. LeviStudio HMI EditorOtherWECON Technology Co., Ltd. (WECON)Andrea “rgod” Micalizzi, working with iDefense Labs, reported these vulnerabilities to ICS-CERT.
2017-10-10JanTek JTC-200OtherJanTekKarn Ganeshan reported the vulnerabilities to ICS-CERT.
2017-10-10LAVA Computer MFG Inc. Ether-Serial LinkOtherLAVA Computer MFG Inc.Maxim Rupp reported this vulnerability to ICS-CERT.
2017-10-05GE CIMPLICITY (Update A)OtherGEDavid Atch of CyberX reported the vulnerability to ICS-CERT.
2017-09-28Siemens Ruggedcom ROS, SCALANCEOtherSiemensSiemens reported this vulnerability to ICS-CERT.
2017-09-21Ctek, Inc. SkyRouterOtherCtek, Inc.Maxim Rupp reported the vulnerability to ICS-CERT.
2017-09-21iniNet Solutions GmbH SCADA WebserverPLCiniNet Solutions GmbHMatthias Niedermaier and Florian Fischer, both of Augsburg University of Applied Sciences, reported this vulnerability.
2017-09-21Schneider Electric InduSoft Web Studio, InTouch Machine EditionOtherSchneider ElectricAaron Portnoy, formerly of Exodus Intelligence, discovered and reported this vulnerability to ICS-CERT.
2017-09-21Digium Asterisk GUIOtherDigiumDavy Douhine of RandoriSec reported the vulnerability to ICS-CERT.
2017-09-21Saia Burgess Controls PCD ControllersOtherSaia Burgess ControlsDavide Fauri of Eindhoven University of Technology discovered and reported this vulnerability to ICS-CERT.
2017-09-19PHOENIX CONTACT mGuard Device ManagerOtherPHOENIX CONTACTPHOENIX CONTACT reported these vulnerabilities to CERT@VDE. CERT@VDE coordinated these vulnerabilities with ICS-CERT.
2017-09-14LOYTEC LVIS-3MEOtherLOYTECDavy Douhine of RandoriSec reported the vulnerabilities to ICS-CERT.
2017-09-12mySCADA myPROOthermySCADAKarn Ganeshen reported this vulnerability to ICS-CERT.
2017-09-07PHOENIX CONTACT, Innominate Security Technologies mGuard FirmwareOtherPHOENIX CONTACTPHOENIX CONTACT has reported this vulnerability via CERT@VDE to ICS-CERT.
2017-09-07SpiderControl SCADA Web ServerOtherSpiderControlKarn Ganeshen reported this vulnerability to ICS-CERT.
2017-08-31Siemens LOGO!OtherSiemensMaxim Rupp discovered one of these two vulnerabilities.
2017-08-31OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSiteOtherOPW Fuel Management SystemsSemen Rozhkov of Kaspersky Lab discovered these vulnerabilities. OPW hired a third party testing firm to validate that the firmw
2017-08-31Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundationOPCSiemensSergey Temnikov of Kaspersky Lab reported this vulnerability to Siemens.
2017-08-31Siemens 7KM PAC Switched EthernetOtherSiemensSiemens reported this vulnerability and released an advisory with firmware update information.
2017-08-31Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VUOtherAutomated Logic Corporation (ALC)Evgeny Ermakov from Kaspersky Lab has identified the vulnerability.
2017-08-29AzeoTech DAQFactoryOtherAzeoTechKarn Ganeshen reported these vulnerabilities to ICS-CERT.
2017-08-29Advantech WebAccessOtherAdvantech
2017-08-24Rockwell Automation Allen-Bradley Stratix and ArmorStratixOtherRockwell AutomationCisco discovered these vulnerabilities during internal testing. Rockwell Automation reported these vulnerabilities to ICS-CERT.
2017-08-24Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455OtherWestermoMandar Jadhav from Qualys Security has identified the vulnerabilities.
2017-08-22SpiderControl SCADA MicroBrowserOtherSpiderControlKarn Ganeshen, working with Trend Micro’s Zero Day Initiative (ZDI), discovered this vulnerability.
2017-08-22Automated Logic Corporation WebCTRL, i-VU, SiteScanOtherAutomated Logic Corporation (ALC)Gjoko Krstic from Zero Science Lab identified the vulnerabilities.
2017-07-06Schneider Electric Wonderware ArchestrA LoggerOtherSchneider ElectricAndrey Zhukov of USSC discovered this vulnerability and reported it to Schneider Electric. Schneider Electric then self-reported
2017-07-06Siemens OZW672 and OZW772OtherSiemensStefan Viehböck from SEC Consult reported these vulnerabilities to Siemens.
2017-07-06Siemens SIPROTEC 4 and SIPROTEC CompactOtherSiemensSiemens reported these vulnerabilities to ICS-CERT when they made firmware available to fix them.
2017-07-06Schneider Electric Ampla MESOtherSchneider ElectricIlya Karpov from Positive Technologies reported these vulnerabilities to Schneider Electric.
2017-07-06Siemens ReyrolleOtherSiemensSiemens reported these vulnerabilities to ICS-CERT when they made firmware available to fix them.
2017-06-29Siemens Viewport for Web Office PortalOtherSiemensHannes Trunde from Kapsch BusinessCom AG reported this vulnerability to Siemens.
2017-06-29Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320OtherSiemensMaksim Malyutin from Embedi reported this issue to Intel.
2017-06-29Schneider Electric U.motion BuilderOtherSchneider Electricrgod working with Trend Micro’s Zero Day Initiative identified these vulnerabilities.
2017-06-27Newport XPS-Cx, XPS-QxOtherNewportMaxim Rupp identified the vulnerability.
2017-06-22Siemens SIMATIC CP 44x-1 Redundant Network Access ModulesOtherSiemensSiemens reported this vulnerability.
2017-06-22Siemens XHQOtherSiemensSiemens self-reported this vulnerability.
2017-06-20Ecava IntegraXorOtherEcavaTenable Network Security reported the vulnerability and tested the patch.
2017-06-14Cambium Networks ePMPOtherCambium NetworksKarn Ganeshen identified these vulnerabilities.
2017-06-13OSIsoft PI Server 2017OtherOSIsoftOSIsoft self-disclosed these vulnerabilities.
2017-06-13OSIsoft PI Web API 2017OtherOSIsoftThese issues were found by OSIsoft and reported once they had prepared an upgrade to fix them.
2017-06-13Trihedral VTScadaOtherTrihedralKarn Ganeshen discovered the vulnerabilities and has tested the patch.
2017-06-06Rockwell Automation PanelView Plus 6 700-1500OtherRockwell AutomationRockwell Automation self-reported this vulnerability.
2017-06-06Digital Canal Structural Wind AnalysisOtherDigital Canal StructuralKarn Ganeshen has identified the vulnerability.
2017-06-01Phoenix Broadband Technologies LLC PowerAgent SC3 Site ControllerOtherPhoenix Broadband Technologies LLCIñaki Rodríguez discovered this vulnerability and tested the patch.
2017-05-23Moxa OnCellOtherMoxaIndependent researcher Maxim Rupp identified the vulnerabilities.
2017-05-23Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400OtherRockwell AutomationThese vulnerabilities were reported to ICS-CERT by Rockwell Automation, David Formby and Raheem Beyah of Georgia Tech and Fortip
2017-05-18Schneider Electric Wonderware InduSoft Web StudioOtherSchneider ElectricKarn Ganeshen identified this vulnerability.
2017-05-18Miele Professional PG 85 SeriesOtherMiele ProfessionalJens Regel of Schneider & Wulf publicly disclosed this vulnerability without ICS-CERT coordination.
2017-05-16Schneider Electric SoMachine HVACOtherSchneider ElectricIndependent researcher Zhou YU reported the buffer overflow vulnerability to ICS-CERT. Schneider Electric reported to ICS-CERT t
2017-05-16Detcon SiteWatch GatewayOtherDetconIndependent researcher Maxim Rupp reported the vulnerabilities.
2017-05-16Schneider Electric VAMPSETOtherSchneider ElectricKushal Arvind Shah from Fortinets Fortiguard Labs reported this vulnerability directly to Schneider Electric.
2017-05-16Hanwha Techwin SRN-4000OtherHanwha TechwinCan Demirel and Faruk Unal of Biznet Bilisim discovered the vulnerability and have tested the patch.
2017-05-11Phoenix Contact GmbH mGuardOtherPhoenix ContactPhoenix Contact GmbH self-reported these vulnerabilities.
2017-05-11Satel Iberia SenNet Data Logger and Electricity MetersOtherSatel IberiaKarn Ganeshan discovered this vulnerability.
2017-05-09Siemens SIMATIC WinCC and SIMATIC WinCC Runtime ProfessionalOtherSiemensSergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team reported this vulnerability di
2017-05-09Siemens devices using the PROFINET Discovery and Configuration ProtocolOtherSiemensDuan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported this vulnerability directly to Siemens.
2017-05-09Siemens devices using the PROFINET Discovery and Configuration ProtocolOtherSiemensDuan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team reported these vulnerabilities directly to Siemens.
2017-05-09Rockwell Automation Stratix 5900OtherRockwell AutomationCisco Systems, Inc. reported these vulnerabilities to Rockwell Automation.
2017-05-04Advantech WebAccessOtherAdvantechZhou Yu working with Trend Micro’s Zero Day Initiative discovered the vulnerability. Zhou Yu has tested the new software and val
2017-05-04Dahua Technology Co., Ltd Digital Video Recorders and IP CamerasOtherDahua TechnologyResearcher Bashis disclosed these vulnerabilities without coordination with ICS-CERT.
2017-05-04Hikvision CamerasOtherHikvisionIPcamtalk user “Montecrypto” identified these vulnerabilities.
2017-05-04Rockwell Automation ControlLogix 5580 and CompactLogix 5380OtherRockwell AutomationN/A
2017-05-02CyberVision Kaa IoT PlatformOtherCyberVisionJacob Baines from Tenable Network Security is credited with the discovery of this vulnerability.
2017-05-02Advantech B+B SmartWorx MESR901OtherAdvantechMaxim Rupp has identified the vulnerability.
2017-05-02Schneider Electric Wonderware Historian ClientOtherSchneider ElectricAndrey Zhukov from USSC reported this vulnerability and has tested the patch.
2017-04-27GE Multilin SR Protective RelaysOtherGEGE reported the vulnerability to ICS-CERT. It was initially identified by New York University security researchers Anastasis Kel
2017-04-25BLF-Tech LLC VisualView HMIHMIBLF-Tech LLCKarn Ganeshen discovered this vulnerability.
2017-04-25Hyundai Motor America Blue LinkOtherHyundai Motor AmericaThese vulnerabilities were discovered by Will Hatzer and Arjun Kumar working with Rapid7.
2017-04-25Sierra Wireless AirLink Raven XE and XTOtherSierra WirelessIndependent researcher Karn Ganeshen identified and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE an
2017-04-13Schneider Electric Modicon M221 PLCs and SoMachine BasicOtherSchneider ElectricSimon Heming, Maik Bruggemann, Hendrik Schwartke, and Ralf Spenneberg of Open Source Security discovered these vulnerabilities.
2017-04-13Wecon Technologies LEVI Studio HMI EditorOtherWecon TechnologiesAndrea (rgod) Micalizzi, working with iDefense Labs, reported these vulnerabilities.
2017-04-11Schneider Electric Modicon Modbus ProtocolPLCSchneider ElectricEran Goldstein of CRITIFENCE reported the identified vulnerabilities.
2017-04-06Certec EDV GmbH atvise scadaOtherCertec EDV GmbHSebastian Neef of discovered the vulnerabilities.
2017-04-04MODBUS UMAS AUTHENTICATION BYPASSPLCSchneider Electric UnityEran Goldstein of CRITIFENCE reported the identified vulnerabilities.
2017-04-04MODBUS UMAS VIOLATION OF SECURE DESIGN PRINCIPLESPLCSchneider Electric UnityEran Goldstein of CRITIFENCE reported the identified vulnerabilities.
2017-04-04Marel Food Processing SystemsOtherMarelDaniel Lance reported these vulnerabilities to ICS-CERT.
2017-04-04Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratixOtherRockwell AutomationRockwell Automation has reported this vulnerability.
2017-04-04Schneider Electric Interactive Graphical SCADA System SoftwareOtherSchneider ElectricKarn Ganeshen reported this vulnerability.
2017-03-30Schneider Electric Modicon PLCsPLCSchneider ElectricDavid Formby and Raheem Beyah of Georgia Tech and Fortiphyd Logic, Inc. reported the identified vulnerabilities.
2017-03-30Schneider Electric Wonderware InTouch Access AnywhereOtherSchneider ElectricRuslan Habalov and Jan Bee of the Google ISA Assessments Team identified these vulnerabilities.
2017-03-283S-Smart Software Solutions GmbH CODESYS Web ServerOther3S-Smart Software Solutions GmbHDavid Atch of CyberX discovered the vulnerabilities and has tested the patch.
2017-03-28Siemens RUGGEDCOM ROX IOtherSiemensMaxim Rupp reported these vulnerabilities directly to Siemens.
2017-03-23LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADAOtherLCDSKarn Ganeshen, working with Trend Micros Zero Day Initiative (ZDI), discovered this vulnerability.
2017-03-21Rockwell Automation Connected Components WorkbenchOtherRockwell AutomationIvan Sanchez reported this vulnerability.
2017-03-16LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADAOtherLCDSKarn Ganeshen identified and reported the vulnerability to ICS-CERT and tested the update.
2017-03-14Fatek Automation PLC Ethernet ModuleOtherFatekAn anonymous researcher working with Trend Micros Zero Day Initiative identified this vulnerability.
2017-03-09Schneider Electric ClearSCADAOtherSchneider ElectricSergey Temnikov and Vladimir Dashchenko of Kapersky Labs Critical Infrastructure Defense Team identified and reported the vulne
2017-03-07Schneider Electric Wonderware IntelligenceOtherSchneider ElectricSchneider Electric self-reported this vulnerability.
2017-03-02Schneider Electric Conext ComBoxOtherSchneider ElectricArik Kublanov and Mark Liapustin of Nation-E Ltd reported this vulnerability.
2017-03-02Eaton xComfort Ethernet Communication InterfaceOtherEatonMaxim Rupp identified the vulnerability.
2017-03-02Siemens SINUMERIK Integrate and SINUMERIK OperateOtherSiemensSiemens
2017-02-28Siemens RUGGEDCOM NMSOtherSiemensSiemens
2017-02-23Schneider Electric Modicon M340 PLCOtherSchneider ElectricLuis Francisco Martin Liras reported the issue to Schneider Electric.
2017-02-23VIPA Controls WinPLC7OtherVIPA ControlsAriele Caltabiano (kimiya) working with Trend Micros Zero Day Initiative reported this vulnerability.
2017-02-23Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches VulnerabilityOtherRed Lion ControlsMark Cross of RIoT Solutions identified these vulnerabilities.
2017-02-14Geutebruck IP CamerasOtherGeutebruckFlorent Montel and Frederic Cikala discovered the authentication bypass vulnerability, and Davy Douhine of RandoriSec discovered
2017-02-14Siemens SIMATIC Authentication BypassOtherSiemensSiemens
2017-02-14Advantech WebAccessOtherAdvantechLi MingZheng Kuangn identified the vulnerability and tested the patch.
2017-02-09Hanwha Techwin Smart Security ManagerOtherHanwha TechwinSteven Seeley of Source Incite discovered these vulnerabilities.
2017-02-07Sielco Sistemi Winlog SCADA SoftwareOtherSielco SistemiResearcher Karn Ganeshen identified this vulnerability.
2017-01-31Ecava IntegraXorOtherEcavaIndependent researchers Brian Gorenc and Juan Pablo Lopez working with Trend Micros Zero Day Initiative have identified the SQL
2017-01-31BINOM3 Electric Power Quality Meter (Update A)OtherBINOM3Karn Ganeshen reported these vulnerabilities.
2017-01-26Belden Hirschmann GECKOOtherBeldenDavy Douhine of RandoriSec identified this vulnerability.
2017-01-26Belden Hirschmann GECKOOtherBeldenDavy Douhine
2017-01-24Schneider Electric Wonderware HistorianOtherSchneider ElectricRuslan Habalov and Jan Bee
2017-01-24Schneider Electric Wonderware HistorianOtherSchneider ElectricRuslan Habalov and Jan Bee of the Google ISA Assessments Team discovered this vulnerability.
2017-01-19Schneider Electric homeLYnk ControllerOtherSchneider ElectricMohammed Shameem
2017-01-17Phoenix Contact mGuardOtherPhoenix ContactThis vulnerability was discovered by Phoenix Contact.
2017-01-17GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian VulnerabilityHMIGEIlya Karpov
2017-01-12VideoInsight Web ClientOtherVideoInsightJuan Pablo Lopez Yacubian reported this vulnerability and has tested the patch.
2017-01-12Carlo Gavazzi VMU-C EM and VMU-C PVOtherCarlo GavazziKarn Ganeshen has reported these vulnerabilities.
2017-01-12Advantech WebAccessOtherAdvantechTenable Network Security working with Trend Micros Zero Day Initiative
2017-01-10OSIsoft PI Coresight and PI Web APIOtherOSIsoftVint Maggs from Savannah River Nuclear Solutions reported this issue to OSIsoft.
2017-01-09St. Jude Merlin@home Transmitter VulnerabilityOtherSt. Jude MedicalMedSec Holdings
2017-01-05Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow VulnerabilityPLCRockwell AutomationRockwell Automation
2017-01-05Rockwell Automation MicroLogix 1100 and 1400 VulnerabilitiesPLCRockwell AutomationAlexey Osipov and Ilya Karpov
2016-12-22Fidelix FX-20 Series Controllers Path Traversal VulnerabilityOtherFidelixSemen Rozhkov
2016-12-22WAGO Ethernet Web-based Management Authentication Bypass VulnerabilityOtherWAGOMaxim Rupp
2016-12-20Siemens Desigo PX Web Module Insufficient Entropy VulnerabilityOtherSiemensMarcella Hastings, Joshua Fried, and Nadia Heninger
2016-12-15Fatek Automation PLC WinProladder Stack-Based Buffer Overflow VulnerabilityPLCFatekTrend Micro Zero Day Initiative (ZDI)
2016-12-15OmniMetrix OmniView VulnerabilitiesOtherOmniMetrixBill Voltmer
2016-12-13Visonic PowerLink2 VulnerabilitiesOtherVisonicAditya K. Sood
2016-12-13Delta Electronics WPLSoft, ISPSoft, and PMSoft VulnerabilitiesPLCDelta Electronicsaxt, Ariele Caltabiano
2016-12-13Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX VulnerabilityOtherSiemensMingzheng Li
2016-12-13Moxa DACenter VulnerabilitiesOPCMoxaZhou Yu
2016-12-13Siemens S7-300/400 PLC VulnerabilitiesPLCSiemensZhu WenZhe
2016-12-08Sauter NovaWeb Web HMI Authentication Bypass VulnerabilityHMISauterMaxim Rupp
2016-12-08INTERSCHALT VDR G4e Path Traversal VulnerabilityOtherINTERSCHALTMaxim Rupp
2016-12-08Moxa MiiNePort Session Hijack VulnerabilitiesOtherMoxaAditya Sood
2016-12-06Tesla Gateway ECU VulnerabilityOtherTeslaTencents Keen Security Lab
2016-12-01Advantech SUSIAccess Server VulnerabilitiesOtherAdvantechrgod
2016-12-01Siemens SICAM PAS VulnerabilitiesOtherSiemensIlya Karpov and Dmitry Sklyarov
2016-12-01Smiths-Medical CADD-Solis Medication Safety Software VulnerabilitiesOtherSmiths-MedicalSmiths-Medical
2016-12-01Moxa NPort Device VulnerabilitiesOtherMoxaReid Wightman, Mikael Vingaard, Maxim Rupp
2016-12-01Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module VulnerabilitiesOtherMitsubishiVladimir Dashchenko
2016-11-29Emerson DeltaV Easy Security Management Application VulnerabilityOtherEmersonEmerson
2016-11-29Emerson DeltaV Wireless I/O Card Open SSH Port VulnerabilityOtherEmersonEmerson
2016-11-29Emerson Liebert SiteScan XML External Entity VulnerabilityOtherEmersonEvgeny Ermakov
2016-11-22Siemens SIMATIC CP 1543-1 VulnerabilitiesOtherSiemensSOGETI and ANSSI
2016-11-22Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs VulnerabilitiesOtherSiemensSiemens
2016-11-17Vanderbilt Industries Siemens IP CCTV Cameras VulnerabilityOtherVanderbilt IndustriesSiemens
2016-11-17Moxa SoftCMS VulnerabilitiesOtherMoxaICS-CERT
2016-11-15Lynxspring JENEsys BAS Bridge VulnerabilitiesOtherLynxspringICS-CERT
2016-11-10CA Unified Infrastructure Management Directory Traversal VulnerabilityHMI SoftwarCA Technologies Unified Infrastructure ManagementAndrea Micalizzi
2016-11-08Phoenix Contact ILC PLC Authentication VulnerabilitiesPLCPhoenix Contact ILC 1xxMatthias Niedermaier and Michael Kapfer
2016-11-08OSIsoft PI System Incomplete Model of Endpoint Features VulnerabilitySOFTWAREOSIsoft PI SystemOSIsoft
2016-11-08Siemens Industrial Products Local Privilege Escalation VulnerabilitySOFTWARESiemens SIMATIC (Multiple)WATERSURE and KIANDRA IT
2016-11-03Moxa OnCell Security VulnerabilitiesNETWORKMoxa OnCellMaxim Rupp
2016-11-03Schneider Electric Magelis HMI Resource Consumption VulnerabilitiesHMISchneider Electric Magelis Advanced HMI Panel (PanelShock)Eran Goldstein
2016-11-03Schneider Electric IONXXXX Series Power Meter VulnerabilitiesOTHERSchneider Electric IONXXXX Karn Ganeshen
2016-11-01IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow VulnerabilitySOFTWAREIBHsoftec S7-SoftPLCAriele Caltabiano (kimiya)
2016-11-01Schneider Electric ConneXium Buffer Overflow VulnerabilityNETWORKConneXium firewallNir Giller
2016-11-01Schneider Electric Unity PRO Control Flow Management VulnerabilitySOFTWARESchneider Electric Unity PROAvihay Kain and Mille Gandelsman
2016-10-27Honeywell Experion PKS Improper Input Validation VulnerabilitySOFTWAREHoneywell Experion PKSHoneywell
2016-10-25Siemens SICAM RTU Devices Denial-of-Service VulnerabilityNETWORKSiemens SICAMAdam Crain
2016-10-20Moxa EDR-810 Industrial Secure Router Privilege Escalation VulnerabilityNETWORKMoxa EDR-810Maxim Rupp
2016-10-18Schneider Electric PowerLogic PM8ECC Hard-coded Password VulnerabilitySOFTWAREPowerLogic PM8ECC He Congwen
2016-10-13Siemens Automation License Manager VulnerabilitiesSOFTWARESiemens ALMSergey Temnikov and Vladimir Dashchenko
2016-10-13Kabona AB WDC VulnerabilitiesHMIKabona AB WebDatorCentral WDCMartin Jartelius, John Stock
2016-10-13Fatek Automation Designer Memory Corruption VulnerabilitiesHMI SoftwarFatek Automation PM Designer, Automation FV DesignerAriele Caltabiano (kimiya)
2016-10-13OSIsoft PI Web API 2015 R2 Service Account Permissions VulnerabilitySOFTWAREOSIsoft PI Web API 2015 R2 (Version 1.5.1)OSIsoft
2016-10-13Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure VulnerabilitiesSOFTWARESiemens SIMATIC STEP 7 (TIA Portal)Dmitry Sklyarov and Gleb Gritsai
2016-10-13Rockwell Automation Stratix Denial-of-Service and Memory Leak VulnerabilitiesOTHERAllen-Bradley Stratix , Allen-Bradley ArmorStratixRockwell Automation
2016-10-13Moxa ioLogik E1200 Series VulnerabilitiesOTHERMoxa ioLogik ioLogikAlexandru Ariciu
2016-10-06GE Bently Nevada 3500/22M Improper Authorization VulnerabilityOTHERGE Bently Nevada 3500/22MGE
2016-10-05Animas OneTouch Ping Insulin Pump VulnerabilitiesOTHERJohnson & Johnson - Animas OneTouch Ping insulin pump systemRapid7
2016-10-04Beckhoff Embedded PC Images and TwinCAT Components VulnerabilitiesPLCBeckhoff Embedded PC, TwinCATMarko Schuba
2016-10-04INDAS Web SCADA Path Traversal VulnerabilityHMIINDAS Web SCADAEhab Hussein
2016-09-29American Auto-Matrix Front-End Solutions VulnerabilitiesOTHERAmerican Auto-Matrix Building Automation Front-End Solutions appMaxim Rupp
2016-09-27Siemens SCALANCE M-800/S615 Web VulnerabilityOTHERSiemens SCALANCE M-800/S615Alexander Van Maele and Tijl Deneut
2016-09-20Moxa Active OPC Server Unquoted Service Path Escalation VulnerabilityOPCMoxa Active OPC Server Zhou Yu
2016-09-15ABB DataManagerPro Credential Management VulnerabilitySOFTWAREABB DataManagerProAndrea Micalizzi
2016-09-15Trane Tracer SC Sensitive Information Exposure VulnerabilityHMITrane Tracer SCMaxim Rupp
2016-09-15Rockwell Automation RSLogix 500 AND RSLogix Micro File Parser Buffer Overflow VulnerabilitySOFTWARERockwell Automation RSLogix Ariele Caltabiano (kimiya)
2016-09-15Yokogawa STARDOM Authentication Bypass VulnerabilityPLCYokogawa STARDOM FCN/FCJ Yokogawa and JPCERT/CC
2016-09-06Siemens SIPROTEC 4 and SIPROTEC Compact VulnerabilitiesOTHERSiemens SIPROTEC EN100Kirill Nesterov and Anatoly Katushin
2016-08-23Moxa OnCell VulnerabilitiesOTHERMoxa OnCellMaxim Rupp
2016-08-22Navis WebAccess SQL Injection VulnerabilityCMSNavis WebAccessNCCIC/ICS-CERT
2016-08-18Navis WebAccess SQL Injection VulnerabilityOtherNavis?bRpsd
2016-08-11Rockwell Automation MicroLogix 1400 SNMP Credentials VulnerabilityPLCRockwell (Allen-Bradley) MicroLogix 1400Cisco Talos
2016-08-02Siemens SINEMA Server Privilege Escalation VulnerabilityOTHERSiemens SINEMArgod
2016-08-02Moxa SoftCMS SQL Injection VulnerabilityCMSMoxa SoftCMSZhou Yu
2016-07-26Siemens SINEMA Remote Connect Server Cross-site Scripting VulnerabilityOTHERSiemens SINEMA Remote Connect ServerAntonio Morales Maldonado, Alexander Van Maele and Tijl Deneut
2016-07-26Siemens SIMATIC NET PC-Software Denial-of-Service VulnerabilitySOFTWARESiemens SIMATIC NET PC-SoftwareVladimir Dashchenko and Sergey Temnikov
2016-07-26Rockwell Automation FactoryTalk EnergyMetrix VulnerabilitiesOPCRockwell (Allen-Bradley) FactoryTalk EnergyMetrixUS-CERT
2016-07-26Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional VulnerabilitiesHMI, OPCSiemens SIMATICSergey Temnikov, Vladimir Dashchenko
2016-07-14Schneider Electric SoMachine HVAC Unsafe ActiveX Control VulnerabilitySOFTWARESchneider Electric SoMachineAndrea Micalizzi
2016-07-14Moxa MGate Authentication Bypass VulnerabilityOTHERMoxa MGateMaxim Rupp
2016-07-14Schneider Electric Pelco Digital Sentry Video Management System VulnerabilityOTHERSchneider Electric Pelco Digital Sentry Video Management SystemSchneider Electric
2016-07-14Philips Xper-IM Connect VulnerabilitiesOTHERPhilips Xper-IM ConnectMike Ahmadi, Billy Rios
2016-07-12Tollgrade Smart Grid EMS LightHouse VulnerabilitiesOTHERLightHouseAshish Kamble
2016-07-12GE Proficy HMI SCADA CIMPLICITY Privilege Management VulnerabilityHMIGeneral Electric CIMPLICITYZhou Yu
2016-07-07WECON LeviStudio Buffer Overflow VulnerabilitiesHMILeviStudioRocco Calvi, Brian Gorenc
2016-07-07Moxa Device Server Web Console Authorization Bypass VulnerabilityOTHERMoxa Device Server Web Console 5232-NMaxim Rupp
2016-07-07GE Proficy HMI/SCADA CIMPLICITY 8.2 - Local Privilege EscalationHMIGeneral ElectricZhou Yu
2016-07-06Rexroth Bosch BLADEcontrol-WebVIS VulnerabilitiesHMIBosch Rexroth BLADEcontrol-WebVISMaxim Rupp
2016-06-30Siemens SICAM PAS VulnerabilitiesOTHERSiemens SICAM PASIlya Karpov, Dmitry Sklyarov
2016-06-30Eaton ELCSoft Programming Software Memory VulnerabilitiesSOFTWAREELCSoft Ariele Calgaviano
2016-06-23Meinberg NTP Time Server VulnerabilitiesOTHERMultipleRyan Wincey
2016-06-23Rockwell Automation Allen-Bradley Stratix 5400 and 5410 Packet Corruption VulnerabilityOTHERRockwell (Allen-Bradley) Stratix 54xxRockwell Automation
2016-06-23Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow VulnerabilityHMI, PLCUnitronics VisilogicSteven Seeley
2016-06-21Schneider Electric PowerLogic PM8ECC Cross-site Scripting VulnerabilityOTHERSchneider Electric PowerLogic PM8ECCSchneider Electric
2016-06-21Advantech WebAccess ActiveX VulnerabilitiesHMIAdvantech WebAccessZhou Yu
2016-06-16Moxa PT-7728 Series Switch Improper Authorization VulnerabilityOTHERMoxa PT-7728 SeriesCan Demirel
2016-06-09Siemens SIMATIC S7-300 Denial of-Service VulnerabilityPLCSiemens SIMANTIC S7-300Mate J. Csorba
2016-06-09Siemens SIMATIC WinCC Flexible Weakly Protected Credentials VulnerabilityHMISiemens SIMATIC WinCC flexibleGleb Gritsai, Roman Ilin
2016-06-07Trihedral VTScada VulnerabilitiesHMIVTScadaUNDISCLOSED
2016-06-07KMC Controls Conquest BACnet Router VulnerabilitiesOTHERBAC-5051EMaxim Rupp
2016-06-02GE MultiLink Series Hard-coded Credential VulnerabilityOTHERGeneral Electric MultilinkGE
2016-05-31Moxa UC 7408-LX-Plus Firmware Overwrite VulnerabilityOTHERMoxa UC-7408 LX-PlusUNDISCLOSED
2016-05-31ABB PCM600 VulnerabilitiesOPCABB PCM600Ilya Karpov
2016-05-26Sixnet BT Series Hard-coded Credentials VulnerabilityOTHERSixnet BTNeil Smith
2016-05-26Environmental Systems Corporation Data Controllers VulnerabilitiesOTHERESC 8832Maxim Rupp
2016-05-26Black Box AlertWerks ServSensor Credential Management VulnerabilityOTHERAlertWerks ServSensorLee Ryman
2016-05-24Moxa MiiNePort VulnerabilitiesOTHERMoxa MiiNePortKarn Ganeshen
2016-05-19Resource Data Management Intuitive 650 TDB Controller VulnerabilitiesOTHERIntuitive 650 TDB ControllerMaxim Rupp
2016-05-19Siemens SIPROTEC Information Disclosure VulnerabilitiesOTHERSiemens SIPROTECAleksandr Bersenev, Pavel Toporkov
2016-05-17Moxa EDR-G903 Secure Router VulnerabilitiesOTHERMoxa EDR-G903Maxim Rupp
2016-05-17IRZ RUH2 3G Firmware Overwrite VulnerabilityOTHERRUH2NCCIC/ICS-CERT
2016-05-12Meteocontrol WEBlog VulnerabilitiesOTHERWEBlogKarn Ganeshen
2016-05-10Panasonic FPWIN Pro VulnerabilitiesOTHERwindowsTrend Micro Zero Day Initiative (ZDI)
2016-04-14Siemens Industrial Products glibc Library VulnerabilityOTHERSiemensFermin J. Serna, Gynvael Coldwind, Thomas Garnier
2016-04-13Schneider Electric Magelis Advanced HMI Panel - Uncontrolled Resource Consumption vulnerabilityHMISchneider Electric Magelis Advanced HMI PanelEran Goldstein
2016-04-13Schneider Electric Magelis Advanced HMI Panel - PanelShock vulnerabilityHMISchneider Electric Magelis Advanced HMI PanelEran Goldstein
2016-04-12Siemens SCALANCE S613 Denial-of-Service VulnerabilityOTHERSiemens SCALANCE firewallSiemens
2016-04-12Honeywell Uniformance PHD Denial Of ServiceOTHERHoneywell Uniformance PHDHoneywell
2016-04-12Siemens Industrial Products DROWN VulnerabilityOTHERSiemens SCALANCE , ROXSiemens
2016-04-05Eaton Lighting Systems EG2 Web Control Authentication Bypass VulnerabilitiesHMIwindowsMaxim Rupp
2016-04-05Rockwell Automation Integrated Architecture Builder Access Violation Memory Error HMIRockwell (Allen-Bradley)Ivan Sanchez - Nullcode Team
2016-03-31ICONICS WebHMI Directory Traversal VulnerabilityHMIwindowsMaxim Rupp
2016-03-24Cogent DataHub Elevation of Privilege VulnerabilityOTHERwindowsSteven Seeley
2016-03-22Siemens APOGEE Insight Incorrect File Permissions VulnerabilityOTHERSiemens APOGEE Insight (All versions)HuNan Quality Inspection Institute
2016-03-17ABB Panel Builder 800 DLL Hijacking Vulnerability (Update A)HMIABB Panel Builder 800 version 5.1 and earlierIvan Sanchez - Nullcode Team
2016-03-15Siemens SIMATIC S7-1200 CPU Protection Mechanism FailurePLCSiemens SIMATIC S7-1200 CPU family: All versions < V4.0Maik Bruggemann and Ralf Spenneberg
2016-03-12Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability RTUSchneider Electric Telvent SAGE RTUDavid Formby, Raheem Beyah
2016-03-05WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation VulnerabilityPLCSchneider Electric WAGO IO PLC 758-870, 750-849, 750-849Karn Ganeshen
2016-03-03Moxa ioLogik E2200 Series Weak Authentication PracticesRTUMoxa ioLogik E2200 series, ioAdmin Configuration UtilityAditya Sood
2016-03-03Schneider Electric SBO / AS - Multiple VulnerabilitiesPLCSchneider Electric SBOKarn Ganeshen
2016-03-01Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting VulnerabilityPLCRockwell (Allen-Bradley) CompactLogixAditya Sood
2016-02-15Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow ExploitHMIwindowsLiquidWorm
2016-02-04GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple VulnerabilitiesOTHERGeneral Electric webKarn Ganeshen
2015-12-08iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File PermissionsHMIwindowsLiquidWorm
2015-01-28ClearSCADA - Remote Authentication Bypass ExploitHMIwindowsJeremy Brown
2014-12-15Soitec SmartEnergy 1.4 - SCADA Login SQL Injection Authentication Bypass ExploitHMIwindowsLiquidWorm
2014-09-24WS10 Data Server - SCADA Exploit Overflow PoCOPCwindowsPedro Sanchez
2014-02-11KingScada - kxClientDownload.ocx ActiveX Remote Code ExecutionHMIwindowsmetasploit
2013-12-03ABB MicroSCADA wserver.exe - Remote Code Execution PLCwindowsmetasploit
2013-10-22Interactive Graphical SCADA System Remote Command Injection HMIwindowsmetasploit
2013-01-08Advantech WebAccess HMI/SCADA Software Persistence XSS VulnerabilityPLCAdvantech aspSecPod Research
2012-12-04Advantech Studio 7.0 - SCADA/HMI Directory Traversal (0day)HMIwindowsNin3
2012-08-29Winlog Lite SCADA HMI system SEH 0verwrite VulnerabilityHMIwindowsCiph3r
2011-12-13CoDeSys SCADA 2.3 - Webserver Stack Buffer OverflowHMIwindowsmetasploit
2011-12-01CoDeSys SCADA 2.3 - Remote ExploitHMIwindowsCelil Unuver
2011-09-16Measuresoft ScadaPro <= 4.0.0 - Remote Command ExecutionHMIwindowsmetasploit
2011-09-14Measuresoft ScadaPro <= 4.0.0 - Multiple Vulnerabilities HMIwindowsLuigi Auriemma
2011-09-13ScadaTEC ScadaPhone <= - Stack Buffer Overflow HMIwindowsmetasploit
2011-09-12ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0day)OPCwindowsmr_me
2011-08-26Sunway Force Control SCADA 6.1 SP3 httpsrv.exe ExploitHMIwindowsCanberk BOLAT
2011-06-22RealWin SCADA Server DATAC Login Buffer OverflowOPCwindowsmetasploit
2011-06-20DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer OverflowOPCwindowsmetasploit
2011-03-23Advantech/BroadWin SCADA WebAccess 7.0 - Multiple Remote Security VulnerabilitiesPLCmultipleRuben Santamarta
2011-03-07KingView 6.5.3 SCADA ActiveX ExploitHMIwindowsCarlos Mario Penagos Hollmann
2011-01-09KingView 6.5.3 SCADA HMI Heap Overflow PoCHMIwindowsDillon Beresford
2010-11-30DATAC RealWin SCADA Server 2.0 (Build - SCPC_INITIALIZE Buffer OverflowOPCwindowsmetasploit
2010-11-30DATAC RealWin SCADA Server 2.0 (Build - SCPC_INITIALIZE_RF Buffer OverflowOPCwindowsmetasploit
2010-11-24DATAC RealWin SCADA Server 2.0 (Build - SCPC_TXTEVENT Buffer OverflowOPCwindowsmetasploit
2010-11-14CitectSCADA/CitectFacilities ODBC Buffer OverflowOPCwindowsmetasploit
2010-10-27DATAC RealWin SCADA 1.06 - Buffer Overflow ExploitOPCwindowsblake
2010-10-04ITS SCADA Username - SQL Injection VulnerabilityHMIphpEugene Salov
2010-10-01Intellicom Netbiter webSCADA Products 'read.cgi' Multiple Remote Security VulnerabilitiesHMIcgiEugene Salov
2010-05-09DATAC RealWin SCADA Server Buffer OverflowOPCwindowsmetasploit
2008-09-26DATAC RealWin SCADA Server 2.0 - Remote Stack Buffer Overflow VulnerabilityOPCwindowsRuben Santamarta
2008-09-05CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (meta)OPCwindowsKevin Finisterre