CVEs

Here is a list of all the vulnerabilities I found over the years.

| Year | CVE | Vendor | Product | Vulnerability Type |
|------|-----|--------|---------|--------------------|
| 2019 | CVE-2019-13554 | GE | Mark VIe Controller | IMPROPER AUTHORIZATION (CWE-285) |
| 2019 | CVE-2019-13559 | GE | Mark VIe Controller | USE OF HARD-CODED CREDENTIALS (CWE-798) |
| 2019 | CVE-2019-18243 | GE | HMI/SCADA iFIX | INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE (CWE-732) |
| 2019 | CVE-2019-18255 | GE | HMI/SCADA iFIX | INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE (CWE-732) |
| 2020 | CVE-2020-10939 | Phoenix Contact | PC WORX SRT | IMPROPER PRIVILEGE MANAGEMENT (CWE-269) |
| 2020 | CVE-2020-6992 | GE | CIMPLICITY | IMPROPER PRIVILEGE MANAGEMENT (CWE-269) |
| 2020 | CVE-2020-10641 | Inductive Automation | Ignition | IMPROPER ACCESS CONTROLS (CWE-284) |
| 2020 | CVE-2020-7494 | Schneider Electric | EcoStruxure Operator Terminal Expert | PATH TRAVERSAL (CWE-22) |
| 2020 | CVE-2020-7495 | Schneider Electric | EcoStruxure Operator Terminal Expert | PATH TRAVERSAL (CWE-22) |
| 2020 | CVE-2020-7496 | Schneider Electric | EcoStruxure Operator Terminal Expert | ARGUMENT INJECTION (CWE-88) |
| 2020 | CVE-2020-12038 | Rockwell Automation | EDS Subsystem | IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER (CWE-119) |
| 2020 | CVE-2020-12034 | Rockwell Automation | EDS Subsystem | IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL INJECTION’) (CWE-89) |
| 2020 | CVE-2020-11999 | Rockwell Automation | FactoryTalk Linx | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-12001 | Rockwell Automation | FactoryTalk Linx | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-12003 | Rockwell Automation | FactoryTalk Linx | IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) (CWE-22) |
| 2020 | CVE-2020-12005 | Rockwell Automation | FactoryTalk Linx | UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE (CWE-434) |
| 2020 | CVE-2020-12033 | Rockwell Automation | FactoryTalk Services Platform | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-12025 | Rockwell Automation | Logix Designer Studio 5000 | IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (CWE-611) |
| 2020 | CVE-2020-14498 | HMS Industrial Networks | eCatcher | STACK-BASED BUFFER OVERFLOW (CWE-121) |
| 2020 | CVE-2020-14500 | Secomea | GateManager | IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER (CWE-158) |
| 2020 | CVE-2020-14508 | Secomea | GateManager | OFF-BY-ONE ERROR (CWE-193) |
| 2020 | CVE-2020-14510 | Secomea | GateManager | USE OF HARD-CODED CREDENTIALS (CWE-798) |
| 2020 | CVE-2020-14512 | Secomea | GateManager | USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT (CWE-916) |
| 2020 | CVE-2020-14509 | WIBU-SYSTEMS | CodeMeter | BUFFER ACCESS WITH INCORRECT LENGTH VALUE (CWE-805) |
| 2020 | CVE-2020-14517 | WIBU-SYSTEMS | CodeMeter | INADEQUATE ENCRYPTION STRENGTH (CWE-326) |
| 2020 | CVE-2020-14519 | WIBU-SYSTEMS | CodeMeter | ORIGIN VALIDATION ERROR (CWE-346) |
| 2020 | CVE-2020-14513 | WIBU-SYSTEMS | CodeMeter | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-14515 | WIBU-SYSTEMS | CodeMeter | IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE (CWE-347) |
| 2020 | CVE-2020-16233 | WIBU-SYSTEMS | CodeMeter | IMPROPER RESOURCE SHUTDOWN OR RELEASE (CWE-404) |
| 2020 | CVE-2020-25159 | Real Time Automation | EtherNet/IP Protocol Stack | STACK-BASED BUFFER OVERFLOW (CWE-121) |
| 2020 | CVE-2020-27253 | Rockwell Automation | FactoryTalk Linx | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-27251 | Rockwell Automation | FactoryTalk Linx | HEAP-BASED BUFFER OVERFLOW (CWE-122) |
| 2020 | CVE-2020-27255 | Rockwell Automation | FactoryTalk Linx | HEAP-BASED BUFFER OVERFLOW (CWE-122) |
| 2020 | CVE-2020-10291 | KUKA | Visual Components Network License Server | EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR (CWE-200) |
| 2020 | CVE-2020-10292 | KUKA | FactoryTalkVisual Components Network License Server | UNCAUGHT EXCEPTION (CWE-248) |
| 2021 | CVE-2021-22665 | Rockwell Automation | DriveTools SP, Drives AOP | UNCONTROLLED SEARCH PATH ELEMENT (CWE-427) |
| 2021 | CVE-2021-22681 | Rockwell Automation | Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers | INSUFFICIENTLY PROTECTED CREDENTIALS (CWE-522) |
| 2021 | CVE-2021-27406 | PerFact | OpenVPN-Client | EXTERNAL CONTROL OF SYSTEM OR CONFIGURATION SETTING (CWE-15) |

Sharon Brizinov