Nozomi Networks Labs
Vulnerability Advisories
Vulnerability Advisories
Mitsubishi Electric MELSEC iQ-R Series products – CVE-2021-20591
An attacker may prevent legitimate clients from connecting to an affected product by manipulating the link parameter or changing its state
Mitsubishi Electric recommends that users apply the suggested mitigation so an unauthorized user cannot stop the establishment of Ethernet communications between devices.
JTEKT TOYOPUC products – CVE-2021-27458
An attacker could prevent Ethernet communication from being established in the affected products by manipulating the link parameter or changing its state.
JTEKT Corporation recommends that users apply the suggested mitigation so an unauthorized user cannot stop the establishment of Ethernet communications between devices.
Reolink P2P protocol deobfuscation and credentials leak – CVE-2020-25173
The communication between Reolink NVR, P2P servers and applications is obfuscated with a custom protocol that relies on an hardcoded key. By deobfuscating the protocol, is possible to access the cleartext content of the communication. During the tests, this was observed to contain the P2P credentials.
Reolink P2P Video/audio Lack of Encryption and Stream Reconstruction – CVE-2020-25169
Reolink P2P video/audio stream is transmitted without any encryption. Any actor who can access the client/NVR traffic, as it traverses the Internet, can access its content with no confidentiality for the parties involved.
Mitsubishi Electric Multiple Factory Automation Engineering Software Products (Update A) – CVE-2020-14496
Successful exploitation of this vulnerability could allow an attacker to escalate privileges and execute malicious programs. This could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
Schneider Electric Modicon Controllers Denial of Service – CVE-2018-7794
This vulnerability could cause a denial-of-service condition when reading data with invalid index using Modbus TCP.
Siemens SCALANCE X Switches Denial of Service – CVE-2019-10942
An attacker may send large message packages repeatedly to the telnet service, which may create a denial-of-service condition.
Mitsubishi Electric MELSEC-Q Series Ethernet Module Denial of Service – CVE-2019-10977
An attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition.
Rockwell Automation CompactLogix 5370 Stack-based Buffer Overflow – CVE-2019-10952
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability.
Siemens SIMATIC S7 Denial of Service – CVE-2018-13815
An attacker could exhaust the available connection pool of an affected device by opening a sufficient number of connections to the device.
Rockwell Automation RSLinx Classic Denial of Service – CVE-2018-14827
A remote, unauthenticated threat actor may intentionally send specially-crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.
Emerson DeltaV DCS Workstations Unauthorized Code Execution – CVE-2018-14791
Non-administrative users are able to change executable and library files on the affected products.
Emerson DeltaV DCS Workstations Unauthorized Code Execution – CVE-2018-14797
A specially-crafted DLL file may be placed in the search path and loaded as an internal and valid DLL. This may allow arbitrary code execution.
Emerson DeltaV DCS Workstations Unauthorized Code Execution – CVE-2018-14795
Improper path validation may allow an attacker to replace executable files.
Siemens SIMATIC STEP 7 and SIMATIC WinCC Unauthorized Code Execution – CVE-2018-11454
Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources, which may be transferred to devices and executed there by a different user.
Siemens SIMATIC STEP 7 and SIMATIC WinCC Unauthorized Code Execution – CVE-2018-11453
Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially-crafted files. This may prevent TIA Portal startup (denial-of-service) or lead to local code execution.
GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi Denial of Service – CVE-2018-8867
The device does not properly validate input, which could allow a remote attacker to send specially-crafted packets. This may cause the device to become unavailable.
WAGO 750 Series Denial of Service – CVE-2018-8836
A remote attack may take advantage of an improper implementation of the 3-way handshake during a TCP connection, affecting the communications with commission and service tools. Specially-crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software. This may result in a denial-of-service condition relating to communications with commissioning and service tools.
Emerson ControlWave Micro Process Automation Controller Denial of Service – CVE-2018-5452
A stack-based buffer overflow vulnerability caused by sending crafted packets on port 20547 could force the PLC to change its state into halt mode.
Schneider Electric Modicon M340 PLC – CVE-2017-6017
Successful exploitation of this vulnerability may render the device unresponsive. A physical reset of the PLC may be required.
Threat Intelligence
Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.
“Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.”
© 2021 Nozomi Networks, Inc.
All Rights Reserved.