Here is a list of all the vulnerabilities I found over the years.
| Year | CVE | Vendor | Product | Vulnerability Type |
|---|---|---|---|---|
| 2023 | CVE-2022-46141 | Siemens | TIA Portal | CWE-316 |
| 2023 | CVE-2023-41738 | Synology | RT6600ax | CWE-20 |
| 2023 | CVE-2023-41739 | Synology | RT6600ax | CWE-20 |
| 2023 | CVE-2023-41740 | Synology | RT6600ax | CWE-20 |
| 2023 | CVE-2023-41741 | Synology | RT6600ax | CWE-20 |
| 2023 | CVE-2023-39481 | Softing | Secure Integration Server | CWE-367 |
| 2023 | CVE-2023-39480 | Softing | Secure Integration Server | CWE-20 |
| 2023 | CVE-2023-39479 | Softing | Secure Integration Server | CWE-20 |
| 2023 | CVE-2023-39478 | Softing | Secure Integration Server | CWE-668 |
| 2023 | CVE-2023-38125 | Softing | edgeAggregator Client | CWE-942 |
| 2023 | CVE-2023-38126 | Softing | edgeAggregator Client | CWE-22 |
| 2023 | CVE-2023-27335 | Softing | edgeAggregator Client | CWE-79 |
| 2023 | CVE-2023-39477 | Inductive Automation | Ignition | CWE-1325 |
| 2023 | CVE-2023-39461 | Triangle Microworks | SCADA Data Gateway | CWE-117 |
| 2023 | CVE-2023-39460 | Triangle Microworks | SCADA Data Gateway | CWE-22 |
| 2023 | CVE-2023-39462 | Triangle Microworks | SCADA Data Gateway | CWE-434 |
| 2023 | CVE-2023-39457 | Triangle Microworks | SCADA Data Gateway | CWE-287 |
| 2023 | CVE-2023-3825 | PTC Kepware | KEPServerEX | CWE-400 |
| 2023 | CVE-2023-27334 | Softing | OPC UA C++ SDK | CWE-400 |
| 2023 | CVE-2023-29378 | Softing | OPC UA C++ SDK | CWE-23 |
| 2023 | CVE-2023-29377 | Softing | OPC UA C++ SDK | CWE-22 |
| 2023 | CVE-2023-2639 | Rockwell Automation | FactoryTalk Services Platform | CWE-346 |
| 2023 | CVE-2023-2638 | Rockwell Automation | FactoryTalk Services Platform | CWE-287 |
| 2023 | CVE-2023-2637 | Rockwell Automation | FactoryTalk Services Platform | CWE-321 |
| 2023 | CVE-2023-2729 | Synology | Disk Station Manager | CWE-330 |
| 2023 | CVE-2022-36327 | Western Digital | MyCloud PR4100 | CWE-288 |
| 2023 | CVE-2022-29841 | Western Digital | MyCloud PR4100 | CWE-288 |
| 2023 | CVE-2022-36328 | Western Digital | MyCloud PR4100 | CWE-288 |
| 2023 | CVE-2022-36331 | Western Digital | MyCloud PR4100 | CWE-288 |
| 2023 | CVE-2023-33379 | ConnectedIO | ER2000 | CWE-732 |
| 2023 | CVE-2023-33378 | ConnectedIO | ER2000 | CWE-88 |
| 2023 | CVE-2023-33377 | ConnectedIO | ER2000 | CWE-78 |
| 2023 | CVE-2023-33376 | ConnectedIO | ER2000 | CWE-88 |
| 2023 | CVE-2023-33375 | ConnectedIO | ER2000 | CWE-121 |
| 2023 | CVE-2023-33374 | ConnectedIO | ER2000 | CWE-749 |
| 2023 | CVE-2023-33373 | ConnectedIO | ER2000 | CWE-256 |
| 2023 | CVE-2023-33372 | ConnectedIO | ER2000 | CWE-798 |
| 2023 | CVE-2023-32172 | Unified Automation | UaGateway OPC UA Server | CWE-476 |
| 2023 | CVE-2023-32787 | OPC Foundation | OPC UA Legacy Java Stack | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2023 | ZDI-23-660 | Synology | Disk Station Manager | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | ZDI-23-659 | Synology | Disk Station Manager | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | ZDI-23-658 | Synology | Disk Station Manager | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | CVE-2023-27321 | OPC Foundation | OPC UA .NET Stack | IMPROPERLY CONTROLLED SEQUENTIAL MEMORY ALLOCATION (CWE-1325) |
| 2023 | CVE-2023-31048 | OPC Foundation | OPC UA .NET Stack | GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION (CWE-209) |
| 2023 | CVE-2023-27357 | Netgear | Nighthawk RAX30 | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | CVE-2023-27367 | Netgear | Nighthawk RAX30 | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | CVE-2023-27368 | Netgear | Nighthawk RAX30 | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | CVE-2023-27369 | Netgear | Nighthawk RAX30 | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | CVE-2023-27370 | Netgear | Nighthawk RAX30 | IMPROPER INPUT VALIDATION (CWE-22) |
| 2023 | CVE-2023-1552 | GE Gas Power | ToolBoxST | DESERIALIZATION OF UNTRUSTED DATA (CWE-502) |
| 2022 | CVE-2022-25888 | OPC UA Rust | OPC UA Rust Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-25903 | OPC UA Rust | OPC UA Rust Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-24381 | ASNeG OpcUaStack | ASNeG OPC UA C/C++ Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-25302 | ASNeG OpcUaStack | ASNeG OPC UA C/C++ Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-25304 | opcua-asyncio | opcua-asyncio OPC UA Python Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-25761 | open62541 | open62541 OPC UA C/C++ Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-24375 | node-opcua | node-opcua OPC UA NodeJS Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-25231 | node-opcua | node-opcua OPC UA NodeJS Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-21208 | node-opcua | node-opcua OPC UA NodeJS Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-25897 | Eclipse | Milo OPC UA Java Implementation | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-24298 | FreeOpcUa | Open Source C++ OPC-UA Server and Client Library | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-2848 | PTC Kepware | KEPServerEX | HEAP-BASED BUFFER OVERFLOW (CWE-122) |
| 2022 | CVE-2022-2825 | PTC Kepware | KEPServerEX | STACK-BASED BUFFER OVERFLOW (CWE-121) |
| 2022 | CVE-2022-1748 | Softing | OPC UA C++ SDK, Secure Integration Server, edgeConnector and edgeAggregator | NULL POINTER DEREFERENCE (CWE-476) |
| 2022 | CVE-2022-2788 | Emerson | Proficy Machine Edition | PATH TRAVERSAL: ..\FILENAME (CWE-29) |
| 2022 | CVE-2022-2789 | Emerson | Proficy Machine Edition | INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY (CWE-345) |
| 2022 | CVE-2022-2790 | Emerson | Proficy Machine Edition | IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE (CWE-347) |
| 2022 | CVE-2022-2791 | Emerson | Proficy Machine Edition | UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS FILE TYPE (CWE-434) |
| 2022 | CVE-2022-2792 | Emerson | Proficy Machine Edition | IMPROPER ACCESS CONTROL (CWE-284) |
| 2022 | CVE-2022-2793 | Emerson | Proficy Machine Edition | MISSING SUPPORT FOR INTEGRITY CHECK (CWE-353) |
| 2022 | CVE-2022-29864 | OPC Foundation | OPC UA .NET Stack | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2022-30551 | OPC Foundation | OPC UA Legacy Java Stack | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2021-43933 | FANUC Robotics | ROBOGUIDE | UNCONTROLLED RESOURCE CONSUMPTION (CWE-400) |
| 2022 | CVE-2021-43990 | FANUC Robotics | ROBOGUIDE | IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (CWE-611) |
| 2022 | CVE-2021-43988 | FANUC Robotics | ROBOGUIDE | IMPROPER PATH TRAVERSAL CWE 22 |
| 2022 | CVE-2021-43986 | FANUC Robotics | ROBOGUIDE | IMPROPER ACCESS CONTROL CWE-284 |
| 2022 | CVE-2021-38483 | FANUC Robotics | ROBOGUIDE | INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE (CWE-732) |
| 2022 | CVE-2022-1161 | Rockwell Automation | Logix Controllers (PLCs) | INCLUSION OF FUNCTIONALITY FROM UNTRUSTED CONTROL SPHERE (CWE-829) |
| 2022 | CVE-2022-1159 | Rockwell Automation | Automation Studio 5000 | IMPROPER CONTROL OF GENERATION OF CODE (CWE-94) |
| 2022 | CVE-2021-3422 | Splunk | Splunk Enterprise | IMPROPER INPUT VALIDATION (CWE-20) |
| 2022 | CVE-2021-4190 | Wireshark | Wireshark | IMPROPER INPUT VALIDATION (CWE-20) |
| 2022 | CVE-2022-0586 | Wireshark | Wireshark | IMPROPER INPUT VALIDATION (CWE-20) |
| 2022 | CVE-2022-0585 | Wireshark | Wireshark | IMPROPER INPUT VALIDATION (CWE-20) |
| 2022 | CVE-2022-0583 | Wireshark | Wireshark | IMPROPER INPUT VALIDATION (CWE-20) |
| 2022 | CVE-2022-0582 | Wireshark | Wireshark | IMPROPER INPUT VALIDATION (CWE-20) |
| 2022 | CVE-2021-22817 | Schneider Electric | Vijeo Designer | INCORRECT DEFAULT PERMISSIONS (CWE-276) |
| 2022 | CVE-2021-44477 | GE | ToolBoxST | IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (CWE-611) |
| 2022 | CVE-2018-16202 | GE | ToolBoxST | PATH TRAVERSAL (CWE-22) |
| 2021 | CVE-2021-26264 | Emerson | DeltaV | MISSING AUTHENTICATION FOR CRITICAL FUNCTION (CWE-306) |
| 2021 | CVE-2021-44463 | Emerson | DeltaV | UNCONTROLLED SEARCH PATH ELEMENT (CWE-427) |
| 2021 | CVE-2021-42373 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42374 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42375 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42376 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42377 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42378 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42379 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42380 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42381 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42382 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42383 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42384 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42385 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42386 | BusyBox | BusyBox | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-42543 | AzeoTech | DAQFactory | USE OF INHERENTLY DANGEROUS FUNCTION (CWE-242) |
| 2021 | CVE-2021-42698 | AzeoTech | DAQFactory | DESERIALIZATION OF UNTRUSTED DATA (CWE-502) |
| 2021 | CVE-2021-42699 | AzeoTech | DAQFactory | CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION (CWE-319) |
| 2021 | CVE-2021-42701 | AzeoTech | DAQFactory | MODIFICATION OF ASSUMED-IMMUTABLE DATA (MAID) (CWE-471) |
| 2021 | CVE-2021-37177 | Siemens | SINEMA Remote Connect Server | MODIFICATION OF ASSUMED-IMMUTABLE DATA (CWE-471) |
| 2021 | CVE-2021-37183 | Siemens | SINEMA Remote Connect Server | IMPROPER ACCESS CONTROL (CWE-284) |
| 2021 | CVE-2021-37190 | Siemens | SINEMA Remote Connect Server | EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR (CWE-200) |
| 2021 | CVE-2021-37191 | Siemens | SINEMA Remote Connect Server | IMPROPER CONTROL OF INTERACTION FREQUENCY (CWE-799) |
| 2021 | CVE-2021-37192 | Siemens | SINEMA Remote Connect Server | EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR (CWE-200) |
| 2021 | CVE-2021-37193 | Siemens | SINEMA Remote Connect Server | MODIFICATION OF ASSUMED-IMMUTABLE DATA (CWE-471) |
| 2021 | CVE-2021-33025 | xArrow | xArrow SCADA | IMPROPER INPUT VALIDATION (CWE-22) |
| 2021 | CVE-2021-32959 | AVEVA | SuiteLink Server | HEAP-BASED BUFFER OVERFLOW (CWE-122) |
| 2021 | CVE-2021-32963 | AVEVA | SuiteLink Server | NULL POINTER DEREFERENCE (CWE-476) |
| 2021 | CVE-2021-32979 | AVEVA | SuiteLink Server | NULL POINTER DEREFERENCE (CWE-476) |
| 2021 | CVE-2021-32971 | AVEVA | SuiteLink Server | NULL POINTER DEREFERENCE (CWE-476) |
| 2021 | CVE-2021-32987 | AVEVA | SuiteLink Server | NULL POINTER DEREFERENCE (CWE-476) |
| 2021 | CVE-2021-32999 | AVEVA | SuiteLink Server | IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS (CWE-755) |
| 2021 | CVE-2021-32977 | AVEVA | System Platform | IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE (CWE-347) |
| 2021 | CVE-2021-32985 | AVEVA | System Platform | ORIGIN VALIDATION ERROR (CWE-346) |
| 2021 | CVE-2021-32981 | AVEVA | System Platform | PATH TRAVERSAL (CWE-22) |
| 2021 | CVE-2021-33010 | AVEVA | System Platform | UNCAUGHT EXCEPTION (CWE-248) |
| 2021 | CVE-2021-33008 | AVEVA | System Platform | MISSING AUTHENTICATION FOR CRITICAL FUNCTION (CWE-306) |
| 2021 | CVE-2021-33056 | Belledonne Communications | belle-sip | NULL Pointer Dereference (CWE-476) |
| 2021 | CVE-2021-22740 | Schneider Electric | homeLYnk | Information Exposure vulnerability (CWE-200) |
| 2021 | CVE-2021-22739 | Schneider Electric | homeLYnk | Information Exposure vulnerability (CWE-200) |
| 2021 | CVE-2021-22738 | Schneider Electric | homeLYnk | Use of a Broken or Risky Cryptographic Algorithm vulnerability (CWE-327) |
| 2021 | CVE-2021-22737 | Schneider Electric | homeLYnk | Insufficiently Protected Credentials vulnerability (CWE-522) |
| 2021 | CVE-2021-22736 | Schneider Electric | homeLYnk | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22) |
| 2021 | CVE-2021-22735 | Schneider Electric | homeLYnk | Improper Verification of Cryptographic Signature vulnerability (CWE-347) |
| 2021 | CVE-2021-22734 | Schneider Electric | homeLYnk | Improper Verification of Cryptographic Signature vulnerability (CWE-347) |
| 2021 | CVE-2021-22733 | Schneider Electric | homeLYnk | Improper Privilege Management vulnerability (CWE-269) |
| 2021 | CVE-2021-22732 | Schneider Electric | homeLYnk | Improper Privilege Management vulnerability (CWE-269) |
| 2021 | CVE-2021-32611 | Antisip | libExosip2 | NULL Pointer Dereference (CWE-476) |
| 2021 | CVE-2021-22685 | Cassia Networks | Access Controller | PATH TRAVERSAL (CWE-22) |
| 2021 | CVE-2021-22682 | Horner Automation | Cscape | IMPROPER ACCESS CONTROL (CWE-284) |
| 2021 | CVE-2021-22678 | Horner Automation | Cscape | IMPROPER INPUT VALIDATION (CWE-20) |
| 2021 | CVE-2021-27498 | EIPStackGroup | OpENer Ethernet/IP Stack | REACHABLE ASSERTION (CWE-617) |
| 2021 | CVE-2021-27500 | EIPStackGroup | OpENer Ethernet/IP Stack | REACHABLE ASSERTION (CWE-617) |
| 2021 | CVE-2021-27482 | EIPStackGroup | OpENer Ethernet/IP Stack | OUT-OF-BOUNDS READ (CWE-125) |
| 2021 | CVE-2021-27478 | EIPStackGroup | OpENer Ethernet/IP Stack | INCORRECT CONVERSION BETWEEN NUMERIC TYPES (CWE-681) |
| 2021 | CVE-2021-27460 | Rockwell Automation | FactoryTalk AssetCentre | DESERIALIZATION OF UNTRUSTED DATA (CWE-502) |
| 2021 | CVE-2021-27464 | Rockwell Automation | FactoryTalk AssetCentre | SQL INJECTION (CWE-89) |
| 2021 | CVE-2021-27468 | Rockwell Automation | FactoryTalk AssetCentre | SQL INJECTION (CWE-89) |
| 2021 | CVE-2021-27472 | Rockwell Automation | FactoryTalk AssetCentre | SQL INJECTION (CWE-89) |
| 2021 | CVE-2021-27476 | Rockwell Automation | FactoryTalk AssetCentre | OS COMMAND INJECTION (CWE-78) |
| 2021 | CVE-2021-27474 | Rockwell Automation | FactoryTalk AssetCentre | USE OF POTENTIALLY DANGEROUS FUNCTION (CWE-676) |
| 2021 | CVE-2021-27470 | Rockwell Automation | FactoryTalk AssetCentre | DESERIALIZATION OF UNTRUSTED DATA (CWE-502) |
| 2021 | CVE-2021-27466 | Rockwell Automation | FactoryTalk AssetCentre | DESERIALIZATION OF UNTRUSTED DATA (CWE-502) |
| 2021 | CVE-2021-27462 | Rockwell Automation | FactoryTalk AssetCentre | DESERIALIZATION OF UNTRUSTED DATA (CWE-502) |
| 2021 | CVE-2021-27406 | PerFact | OpenVPN-Client | EXTERNAL CONTROL OF SYSTEM OR CONFIGURATION SETTING (CWE-15) |
| 2021 | CVE-2021-22681 | Rockwell Automation | Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers | INSUFFICIENTLY PROTECTED CREDENTIALS (CWE-522) |
| 2021 | CVE-2021-22665 | Rockwell Automation | DriveTools SP, Drives AOP | UNCONTROLLED SEARCH PATH ELEMENT (CWE-427) |
| 2020 | CVE-2020-10292 | KUKA | FactoryTalkVisual Components Network License Server | UNCAUGHT EXCEPTION (CWE-248) |
| 2020 | CVE-2020-10291 | KUKA | Visual Components Network License Server | EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR (CWE-200) |
| 2020 | CVE-2020-27255 | Rockwell Automation | FactoryTalk Linx | HEAP-BASED BUFFER OVERFLOW (CWE-122) |
| 2020 | CVE-2020-27251 | Rockwell Automation | FactoryTalk Linx | HEAP-BASED BUFFER OVERFLOW (CWE-122) |
| 2020 | CVE-2020-27253 | Rockwell Automation | FactoryTalk Linx | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-25159 | Real Time Automation | EtherNet/IP Protocol Stack | STACK-BASED BUFFER OVERFLOW (CWE-121) |
| 2020 | CVE-2020-16233 | WIBU-SYSTEMS | CodeMeter | IMPROPER RESOURCE SHUTDOWN OR RELEASE (CWE-404) |
| 2020 | CVE-2020-14515 | WIBU-SYSTEMS | CodeMeter | IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE (CWE-347) |
| 2020 | CVE-2020-14513 | WIBU-SYSTEMS | CodeMeter | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-14519 | WIBU-SYSTEMS | CodeMeter | ORIGIN VALIDATION ERROR (CWE-346) |
| 2020 | CVE-2020-14517 | WIBU-SYSTEMS | CodeMeter | INADEQUATE ENCRYPTION STRENGTH (CWE-326) |
| 2020 | CVE-2020-14509 | WIBU-SYSTEMS | CodeMeter | BUFFER ACCESS WITH INCORRECT LENGTH VALUE (CWE-805) |
| 2020 | CVE-2020-14512 | Secomea | GateManager | USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT (CWE-916) |
| 2020 | CVE-2020-14510 | Secomea | GateManager | USE OF HARD-CODED CREDENTIALS (CWE-798) |
| 2020 | CVE-2020-14508 | Secomea | GateManager | OFF-BY-ONE ERROR (CWE-193) |
| 2020 | CVE-2020-14500 | Secomea | GateManager | IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER (CWE-158) |
| 2020 | CVE-2020-14498 | HMS Industrial Networks | eCatcher | STACK-BASED BUFFER OVERFLOW (CWE-121) |
| 2020 | CVE-2020-12025 | Rockwell Automation | Logix Designer Studio 5000 | IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE (CWE-611) |
| 2020 | CVE-2020-12033 | Rockwell Automation | FactoryTalk Services Platform | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-12005 | Rockwell Automation | FactoryTalk Linx | UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE (CWE-434) |
| 2020 | CVE-2020-12003 | Rockwell Automation | FactoryTalk Linx | IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) (CWE-22) |
| 2020 | CVE-2020-12001 | Rockwell Automation | FactoryTalk Linx | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-11999 | Rockwell Automation | FactoryTalk Linx | IMPROPER INPUT VALIDATION (CWE-20) |
| 2020 | CVE-2020-12034 | Rockwell Automation | EDS Subsystem | IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (‘SQL INJECTION’) (CWE-89) |
| 2020 | CVE-2020-12038 | Rockwell Automation | EDS Subsystem | IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER (CWE-119) |
| 2020 | CVE-2020-7496 | Schneider Electric | EcoStruxure Operator Terminal Expert | ARGUMENT INJECTION (CWE-88) |
| 2020 | CVE-2020-7495 | Schneider Electric | EcoStruxure Operator Terminal Expert | PATH TRAVERSAL (CWE-22) |
| 2020 | CVE-2020-7494 | Schneider Electric | EcoStruxure Operator Terminal Expert | PATH TRAVERSAL (CWE-22) |
| 2020 | CVE-2020-10641 | Inductive Automation | Ignition | IMPROPER ACCESS CONTROLS (CWE-284) |
| 2020 | CVE-2020-6992 | GE | CIMPLICITY | IMPROPER PRIVILEGE MANAGEMENT (CWE-269) |
| 2020 | CVE-2020-10939 | Phoenix Contact | PC WORX SRT | IMPROPER PRIVILEGE MANAGEMENT (CWE-269) |
| 2019 | CVE-2019-18255 | GE | HMI/SCADA iFIX | INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE (CWE-732) |
| 2019 | CVE-2019-18243 | GE | HMI/SCADA iFIX | INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE (CWE-732) |
| 2019 | CVE-2019-13559 | GE | Mark VIe Controller | USE OF HARD-CODED CREDENTIALS (CWE-798) |
| 2019 | CVE-2019-13554 | GE | Mark VIe Controller | IMPROPER AUTHORIZATION (CWE-285) |