This page includes all US-CERT issued Vulnerability Notes. Additional SCADApedia information is available for each Vulnerability Note on this page.
3S
- 3S CoDeSys Multiple Vulnerabilities (07 Dec 2011)
7-Technologies
- 7T IGSS ODBC Remote Memory Corruption (08 Feb 2011)
- 7T IGSS ODBC Server Remote Heap Corruption (21 Mar 2011)
- 7T IGSS Multiple Stack Overflows Vulnerability (21 Mar 2011)
- 7T IGSS Stack Overflow Vulnerability One (21 Mar 2011)
- 7T IGSS Stack Overflow Vulnerability Two (21 Mar 2011)
- 7T IGSS Stack Overflows Vulnerability(21 Mar 2011)
- 7T IGSS Format String Vulnerability (21 Mar 2011)
- 7T IGSS Stack Overflow Vulnerability Three (21 Mar 2011)
- 7T IGSS Arbitrary Command Execution Vulnerability (21 Mar 2011)
- 7T IGSS Remote Buffer Overflow Vulnerability (29 Apr 2011)
- 7T IGSS Denial of Service Vulnerability (12 May 2011)
- 7T IGSS ODBC Remote Memory Corruption (07 Jul 2011)
ABB
- ABB PCU400 Remote Buffer Overflow (25 Sept 2008)
AdvanTech Studio
- AdvanTech Studio Remote Buffer Overflow (11 Jan 2011)
- Advantech Broadwin WebAccess Remote Buffer Overflow (11 Jan 2011)
ARC Informatique
- PcVue HMI/SCADA Mutliple ActiveX Vulnerabilities (28 Sept 2011)
- ARC Informatique’s PcVue Multiple Vulnerabilities (6 Dec 2011)
AREVA
- AREVA e-terrahabitat SCADA Systems Vulnerabilities (17 Feb 2009)
Atvise
- Atvise webMI Multiple Vulnerabilities (10 Oct 2011)
Automated Solutions
- Automated Solutions TCP Header Vulnerability (22 Nov 2010)
AzeoTech
- AzeoTech DAQFactory Remote Buffer Overflow (30 Dec 2009)
- AzeoTech DAQFactory Networking Vulnerabilities (24 Jun 2011)
- Azeotech DAQFactory Stack Overflow (13 Sep 2011)
Beckhoff
- Beckhoff TwinCAT Denial of Service Vulnerability (13 Sep 2011)
Cisco
- Cisco Network Building Mediator Authentication Bypass Vulnerability (27 May 2010)
- Cisco Network Building Mediator Remote Privilege Escalation Vulnerability One (27 May 2010)
- Cisco Network Building Mediator Remote Privilege Escalation Vulnerability Two (27 May 2010)
- Cisco Network Building Mediator HTTP Remote Information Disclosure Vulnerability (27 May 2010)
- Cisco Network Building Mediator XML RPC Remote Information Disclosure Vulnerability (27 May 2010)
- Cisco Network Building Mediator System Configuration File Information Disclosure Vulnerability (27 May 2010)
- Cisco Hardcoded SNMP Community Strings (7 July 2010)
Citect
- CitectSCADA Stack Overflow Vulnerability (11 Jun 2008)
Cogent
- Cogent DataHub Multiple Vulnerabilities (13 Sep 2011)
Control MicroSystems
- Control MicroSystems Heap Overflow Vulnerability (8 June 2010)
- Control MicroSystems Insecure Web Authentication Vulnerability (8 June 2010)
- Control MicroSystems Cross-Site Scripting Vulnerability (8 June 2010)
- Control Microsystems ClearSCADA Remote Authentication Bypass (25 Aug 2011)
Ecava
- Ecava Directory Traversal (21 Dec 2010)
- Ecava Stack Buffer Overflow Vulnerability (16 Dec 2010)
- Ecava IntegraXor Unauthenticated SQL Vulnerability (23 Mar 2011)
- Ecava IntegraXor Cross Site Scripting (XSS) Vulnerabily (27 May 2011)
GE
- GE Fanuc Cimplicity Heap Buffer Overflow (24 Jan 2008)
- GE Fanuc Proficy Arbitrary File Upload And Execution (24 Jan 2008)
- GE Fanuc Proficy Plaintext Password Vulnerability (24 Jan 2008)
- GE Intelligent Platform Proficy Plant Applications Buffer Overflow (1 Nov 2011)
- GE Intelligent Platforms Proficy Historian Web Administrator XSS (1 Nov 2011)
- GE Intelligent Platforms Proficy Historian Data Archiver Buffer Overflow (1 Nov 2011)
Gesytec
Honeywell
- Honeywell ScanServer ActiveX Control Vulnerability (13 Apr 2011)
- Honeywell Tema Remote Installer Active X Vulnerability (12 Oct 2011)
ICONICS
- ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow (2 Jan 2007)
- Iconics GENESIS32/GENESIS64 Freeing of Arbitrary or Uninitialized Memory Vulnerability (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability One (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Two (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Three (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Four (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Five (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Six (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Seven (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Eight (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Nine (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Ten (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Eleven (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Integer Overflow Vulnerability Twelve (21 Mar 2011)
- Iconics GENESIS32/GENESIS64 Multiple Vulnerabilities (18 Apr 2011)
- Iconics GENESIS32 and BizVis ActiveX Stack Overflow Vulnerability (11 May 2011)
- Iconics GENESIS32 and BizVis Login Vulnerability (01 Jul 2011)
- Iconics GENESIS32 and BizVis ActiveX Trusted Zone Vulnerability (01 Jul 2011)
- ICONICS GENESIS32 Multiple Vulnerabilities (30 Sep 2011)
Inductive Automation
InduSoft
- InduSoft ISSymbol ActiveX Control Buffer Overflows (17 Jun 2011)
- InduSoft Web Studio Multiple Vulnerabilities (15 Nov 2011)
Intellicom
- Intellicom Multiple Vulnerabilities (Info Disclosure, Unauthenticated File Uploads) (1 Oct 2010)
- Intellicom NetBiter WebSCADA NetBiterConfig Remote Buffer Overflow (30 Dec 2009)
Invensys
- Invensys ActiveX control stack buffer overflow (4 Aug 2010)
- Invensys DB lock manager service (lm_tcp) Buffer Overflow (8 Dec 2010)
- Invensys Wonderware InTouch insecure NetDDE share (25 Jan 2008)
- Invensys Wonderware SuiteLink Denial of Service (5 May 2008)
- Invensys Wonderware InBatch Client ActiveX Buffer Overflow (13 Apr 2011)
- Invensys Wonderware Information Server Stack Buffer Overflow Vulnerability (26 Jul 2011)
IRAI
- IRAI Automgen Buffer Overflow Vulnerability (10 Oct 2011)
Koyo
- Koyo DirectLogic 405 H4-ECOM100 Ethernet Module Information Disclosure (2 Oct 2008)
- Koyo DirectLogic 405 H4-ECOM100 Ethernet Module Cross-Site Scripting Vulnerability (2 Oct 2008)
- Koyo DirectLogic 405 H4-ECOM100 Ethernet Module Arbitrary Firmware Upload (2 Oct 2008)
LiveData
- LiveData ICCP Server heap buffer overflow vulnerability (16 May 2006)
- LiveData ICCP Server COTP Vulnerability (2 May 2007)
- LiveData ICCP Server HTTP/SOAP Heap Overflow Vulnerability (2 May 2007)
MeasureSoft
- Measuresoft ScadaPro Multiple Vulnerabilities (13 Sep 2011)
MICROSYS
- MICROSYS, spol. s r.o. Promotic Multiple Vulnerabilities (13 Oct 2011)
- MICROSYS PROMOTIC Vulnerability (29 Nov 2011)
Mitsubishi
MOXA
- MOXA MDM Tool Buffer Overflow Vulnerability (20 Oct 2010)
NETxAutomation
Open Automation Software
- Open Automation Software’s OPC Systems.Net Vulnerability (12 Oct 2011)
OSIsoft
- OSIsoft PI Server Authentication Weakness (30 Sept 2009)
Optima
- Optima APIFTP Server Vulnerabilitiess (28 Nov 2011)
Procyon
- Scadatec Procyon Telnet Buffer Overflow Vulnerability (06 Sept 2011)
Progea
- Progea Movicon Data Leakage and Denial-of-Service Vulnerability (15 Mar 2011)
- Progea Movicon Multiple Vulnerabilities (13 Sep 2011)
RealFlex
- RealFlex Buffer Overflow Vulnerability (26 Sept 2008)
- RealFlex HMI Service Buffer Overflow Vulnerabilities (27 Oct 2010)
- RealWin Stack Overflow Vulnerability One (21 Mar 2011)
- RealWin Stack Overflow Vulnerability Two (21 Mar 2011)
- RealWin Stack Overflow Vulnerability Three (21 Mar 2011)
- RealWin Stack Overflow Vulnerability Four (21 Mar 2011)
- RealWin Integer Overflow Vulnerability (21 Mar 2011)
- RealWin Stack Overflow Vulnerability Five (21 Mar 2011)
- RealWin Stack Overflow Vulnerability Six (21 Mar 2011)
Rockwell Automation
- Rockwell Automation AB Micrologix 1100 and 1400 multiple vulnerabilities (19 Jan 2010)
- Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge information disclosure (22 Oct 2008)
- Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge URI redirection vulnerability (22 Oct 2008)
- Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge cross-site scripting vulnerability (22 Oct 2008)
- Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Arbitrary Firmware Upload (22 Oct 2008)
- Rockwell Automation Electronic Data Sheet (EDS) Hardware Installation Tool Buffer Overflow Vulnerability (10 Jun 2011)
- Rockwell RSLogix Overflow Vulnerability (13 Sep 2011)
- Rockwell RSLogix Denial of Service Vulnerabilityy (30 Sep 2011)
Samsung
SCADA Engine
- SCADA Engine OPC Client Buffer Overflow Vulnerability (21 Sept 2010)
ScadaTec
- ScadaTEC SCADAPhone and ModbusTagServer Buffer Overflow (12 Sept 2011)
Schneider Electric
- Schneider Electric UnitelWay Windows Device Driver Buffer Overflow (20 Oct 2011)
- CitectSCADA and MX4 SCADA Batch Server Buffer Overflow (8 Nov 2011)
- Schneider Electric Vijeo Historian Web Server Multiple Vulnerabilities (8 Nov 2011)
Sielco Sistemi
- Sielco Sistemi Stack Overflow Vulnerability (17 Jan 2011)
- Sielco Sistemi Winlog Buffer Overflow (06 Dec 2011)
Siemens
- Siemens Tecnomatix FactoryLink Stack Overflow Vulnerability (21 Mar 2011)
- Siemens Tecnomatix FactoryLink Arbitrary Files Reading and Listing Vulnerability (21 Mar 2011)
- Siemens Tecnomatix FactoryLink Memory-Corruption-Vulnerability (21 Mar 2011)
- Siemens Tecnomatix FactoryLink Stack Overflow Vulnerability Two (21 Mar 2011)
- Siemens Tecnomatix FactoryLink Arbirtary File Downloading Vulnerability (21 Mar 2011)
- Siemens Tecnomatix FactoryLink Arbirtary Denial of Service Vulnerability (21 Mar 2011)
- Siemens Tecnomatix FactoryLink Stack Multiple Vulnerabilities (05 Apr 2011)
- Siemens SIMATIC WinCC Exploitable Crashes (01 Jul 2011)
- Siemens WinCC Runtime Advanced Loader Heap Overflow Vulnerability (06 Sep 2011)
- Siemens Automation License Manager Multiple Vulnerabilities (28 Nov 2011)
- Siemens SIMATIC WinCC Flexible Vulnerabilities (2 Dec 2011)
SISCO
- SISCO OSI stack fails to properly validate packets (20 Sep 2006)
- SISCO OSI stack fails to properly handle malformed packets (17 Jan 2007)
Sunway
- Sunway ForceControl Multiple Vulnerabilities (23 Sep 2011)
Takebishi Electric
Unitronics
- Unitronics UniOPC Server Input Handling Vulnerability (08 Oct 2011)
WellinTech
- WellinTech Remote Heap Overflow Vulnerability (19 Jan 2011)
- WellinTech KingView 6.53 Stack-based Buffer Overflow Vulnerability (15 Mar 2011)
Wind River Systems
- Wind River Systems Information Disclosure – Debug Service (2 Aug 2010)
- Wind River Systems Weak Authentication (2 Aug 2010)
