|
|
|
|
|
|
|
|---|---|---|---|---|---|
| 2019/12/10 | Modicon Controllers | CVE-2019-6856, CVE-2019-6857, CVE-2018-7794 | Multiple Vulnerabilities | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium | SEVD-2019-344-01 |
| 2019/12/10 | Power SCADA Operation | CVE-2019-13537 | CWE-121 Stack-based Buffer Overflow | Power SCADA Operation 9.0, Power SCADA Expert 8.2, Power SCADA Expert 8.1, Power SCADA Expert 8.0, Power SCADA Expert 7.4, and Power SCADA Expert 7.3 (including all associated Cumulative Updates) | SEVD-2019-344-04 |
| 2019/12/10 | EcoStruxure Geo SCADA Expert (ClearSCADA) | CVE-2019-6854 | CWE-264 Permissions, Privileges, and Access Controls | EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 | SEVD-2019-344-05 |
| 2019/12/10 | Modicon Controllers | CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 (all firmware versions) , Modicon M340 (all firmware versions) . Modicon BMxCRA and 140CRA modules (all firmware versions) | SEVD-2019-281-02 (V2.0) |
| 2019/12/10 | Modicon Controllers | CVE-2017-6017 | Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) | M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions | SEVD-2017-048-02 (V3.0) |
| 2019/12/10 | Schneider Electric Floating License Manager | CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) | SEVD-2019-134-04 (V2.2) |
| 2019/11/12 | Andover Continuum | CVE-2019-6853 | CWE-79: Failure to Preserve Web Page Structure (Cross-Site Scripting) | Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702. | SEVD-2019-316-01 |
| 2019/11/12 | Wind River VxWorks (URGENT/11) | CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 | Multiple Vulnerabilities (Bulletin Updated) | See Security Bulletin | SESB-2019-214-01 (V2.2) |
| 2019/11/12 | ConneXium Gateway TSXETG100 and PowerLogic Ethernet Gateway EGX100 | CVE-2018-7834 | CWE-79: Cross-Site Scripting (Notification Updated) | TSXETG100, EGX100 (all variants), ECI850 (all variants) | SEVD-2019-134-07 (V2) |
| 2019/11/12 | Triconex TriStation Emulator | CVE-2018-7803 | CWE-754: Improper Check for Unusual or Exceptional Conditions (Notification Updated) | Triconex TriStation Emulator V1.2.0 | SEVD-2019-071-03 (V2) |
| 2019/10/08 | Modicon Controllers | CVE-2019-6851 | CWE-538: File and Directory Information Exposure | Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) | SEVD-2019-281-01 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 | Multiple Vulnerabilities | Modicon M580 (all firmware versions), Modicon M340 (all firmware versions). Modicon BMxCRA and 140CRA modules (all firmware versions) | SEVD-2019-281-02 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6845 | CWE-319: Cleartext Transmission of Sensitive Information | Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) | SEVD-2019-281-03 |
| 2019/10/08 | Schneider Electric Floating License Manager | CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) | SEVD-2019-134-04 (V2.1) |
| 2019/10/08 | SoMachine HVAC & SoMove | CVE-2019-6826 | CWE-426: Untrusted Search Path (Notification Updated) | SoMachine HVAC v2.4.1 and earlier versions and SoMove FDT v2.7.5 and earlier versions | SEVD-2019-225-04 (V2.0) |
| 2019/10/08 | Embedded Web Servers for Modicon | CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 | Multiple Vulnerabilities (Notification Updated) | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | SEVD-2018-327-01 (V3) |
| 2019/09/19 | ProClima | CVE-2019-6823, CVE-2019-6824, CVE-2019-6825 | Multiple Vulnerabilities (Notification Updated) | All versions of ProClima prior to version 8.0.0 | SEVD-2019-162-01 (V1.1) |
| 2019/09/10 | U.motion Server | CVE-2019-6835, CVE-2019-6836, CVE-2019-6837, CVE-2019-6838, CVE-2019-6839, CVE-2019-6840 | Multiple Vulnerabilities | MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15 | SEVD-2019-253-01 |
| 2019/09/10 | Modicon Quantum 140 NOE771x1 | CVE-2019-6811 | CWE-754 – Improper Check for Unusual or Exceptional Conditions | Quantum 140 NOE771x1 version 6.9 and earlier | SEVD-2019-253-02 |
| 2019/09/10 | TwidoSuite | - | Multiple Vulnerabilities | TwidoSuite v2.20.11 running on Windows 7 SP1 32-bit | SEVD-2019-253-03 |
| 2019/08/19 | Microsoft Remote Desktop Services – DejaBlue | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 | Multiple Vulnerabilities (Updated Bulletin) | See Security Bulletin | SESB-2019-214-01 (V1.2) |
| 2019/08/13 | Modicon M340 Controller | CVE-2019-6813 | CWE-754: Improper Check for Unusual or Exceptional Conditions | All firmware versions | SEVD-2019-225-02 |
| 2019/08/13 | Modicon Ethernet / Serial RTU Module | CVE-2019-6831, CVE-2019-6810, CVE-2019-6813 | Multiple Vulnerabilities | All firmware versions | SEVD-2019-225-03 |
| 2019/08/13 | TelevisGo | CVE-2019-8258, CVE-2018-15361, CVE-2019-8259, CVE-2019-8260, CVE-2019-8261, CVE-2019-8262, CVE-2019-8280, CVE-2019-8263, CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, CVE-2019-8267, CVE-2019-8268, CVE-2019-8269, CVE-2019-8270, CVE-2019-8271, CVE-2019-8272, CVE-2019-8273, CVE-2019-8274, CVE-2019-8275, CVE-2019-8276, CVE-2019-8277 | Multiple Vulnerabilities | Versions manufactured prior to 15th July 2019. | SEVD-2019-225-05 |
| 2019/08/13 | Schneider Electric Software Update (SESU) – SUT Service Component | CVE-2019-6834 | CWE-502: Deserialization of Untrusted Data | Versions 2.1.1 to 2.3.0. | SEVD-2019-225-06 |
| 2019/08/13 | spaceLYnk & homeLYnk | CVE-2019-6832 | CWE-287: Authentication Issues | spaceLYnk all versions before 2.4.0 and Wiser for KNX (formerly known as homeLYnk) all versions before 2.4.0 | SEVD-2019-225-07 |
| 2019/08/13 | Modicon Controllers | CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | SEVD-2019-134-11(V2.0) |
| 2019/08/13 | Modicon Controllers and SCADAPack | CVE-2017-6034 | Authentication Bypass by Capture-Replay | Modicon Momentum M1E 171CBU98090 (All versions), Modicon Momentum M1E 171CBU98091 (All versions), Modicon M340 (All versions prior to V2.70), Modicon M580 (All versions prior to V2.01), Modicon Premium (All versions prior to V3.10), Modicon Quantum (All versions prior to V3.12), Modicon M221 (All versions), SCADAPack 32 RTU (All Versions), SCADAPack 300 series RTU (314, 330, 334, 350) (All Versions), SCADAPack 300 E and 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E) (All Versions), SCADAPack 57x RTU (570, 575) (All Versions) | SEVD-2017-065-01 (V3.0) |
| 2019/07/09 | Zelio Soft 2 | CVE-2019-6822 | CWE-416: Use After Free | V5.2 and earlier versions | SEVD-2019-190-01 |
| 2019/07/09 | Interactive Graphical SCADA System (IGSS) | CVE-2019-6827 | CWE-787: Out-of-bounds Write | Versions 14 and prior | SEVD-2019-190-02 |
| 2019/07/09 | Modicon M580 Controller | CVE-2018-7838 | CWE-119 Buffer Errors | Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16 | SEVD-2019-190-03 |
| 2019/07/09 | Modicon Controllers | CVE-2019-6819 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium | SEVD-2019-134-05 (V1.1) |
| 2019/06/11 | PowerSCADA Expert | CVE-2019-10981 | CWE-255: Credentials Management | "PowerSCADA Expert 7.30PowerSCADA Expert 7.40PowerSCADA Expert 8.0 without Service Release 1" | SEVD-2019-162-02 |
| 2019/06/11 | U.motion Builder software V1.1 | CVE-2018-7841 | CWE-89: SQL Injection (Notification Updated) | U.motion Builder version 1.3.4 | SEVD-2019-071-02 (V1.5) PDF |
| 2019/05/16 | Intel Microarchitectural Data Sampling (Zombieload) | CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 | Side Channel Attacks | See Security Bulletin | SESB-2019-136-01 |
| 2019/05/16 | Remote Desktop Services (RDS) | CVE-2019-0708 | Remote Code Execution | See Security Bulletin | SESB-2019-136-02 |
| 2019/05/14 | Modicon Controllers | CVE-2018-7851 | CWE-119: Buffer errors | Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx | SEVD-2019-134-10 |
| 2019/05/14 | Modicon Quantum | CVE-2019-6815, CVE-2019-6816 | Multiple Vulnerabilities | Modicon Quantum - all firmware versions | SEVD-2019-134-09 |
| 2019/05/14 | Modicon Quantum | CVE-2018-7788 | CWE-255: Credentials Management | Modicon Quantum with firmware versions prior to V2.40. | SEVD-2019-134-08 |
| 2019/05/14 | Modicon RTU Module | CVE-2019-6812 | CWE-798: Use of hardcoded credentials | BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 | SEVD-2019-134-06 |
| 2019/05/14 | Modicon Controllers | CVE-2019-6819 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium | SEVD-2019-134-05 |
| 2019/05/14 | Modicon Controllers | CVE-2019-6821 | CWE-330: Use of Insufficiently Random Values | Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum | SEVD-2019-134-03 |
| 2019/05/14 | Modicon and PacDrive Controller | CVE-2019-6820 | CWE-306: Missing Authentication for Critical Function | All versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 | SEVD-2019-134-02 |
| 2019/02/14 | SoMachine Basic and Modicon M221 | CVE-2018-7821, CVE-2018-7822, CVE-2018-7823 | Multiple Vulnerabilities | SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0 | SEVD-2019-045-01 |
| 2019/02/14 | Vijeo Designer Lite | - | Buffer Error (CWE-119) | Vijeo Designer Lite V1.3SP1 | SEVD-2019-045-02 |
| 2019/01/14 | IIoT Monitor | CVE-2018-7835, CVE-2018-7836, CVE-2018-7837, CVE-2018-7839 | Multiple Vulnerabilities (Notification Updated) | IIoT Monitor 3.1.38 | SEVD-2018-354-03 |
| 2018/12/27 | Zelio Soft | CVE-2018-7817 | Use after free vulnerability | Zelio Soft 2 v5.1 and prior versions | SEVD-2018-361-01 |
| 2018/12/20 | EVLink Parking | CVE-2018-7800, CVE-2018-7801, CVE-2018-7802 | Multiple Vulnerabilities | EVLink Parking v3.2.0-12_v1 and earlier. | SEVD-2018-354-01 |
| 2018/12/20 | Pro-Face GP-Pro EX | CVE-2018-7832 | Improper Input Validation | Pro-Face GP-Pro EX v4.08 and previous versions | SEVD-2018-354-02 |
| 2018/12/18 | 2018/12/18 | CVE-2018-7796 | Buffer Error Vulnerability | All released versions of PowerSuite2 | SEVD-2018-351-01 |
| 2018/12/18 | Modicon Controllers | CVE-2017-6017 | Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) | M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions | SEVD-2017-048-02 |
| 2018/12/14 | Triconex | Malware Discovered Affecting Triconex Safety Controllers | Malware Discovered Affecting Triconex Safety Controllers | Tricon Model MP3008, versions 10.0 – 10.4 | SEVD-2017-347-01 |
| 2018/12/13 | Power Monitoring Expert, Energy Expert (formerly Power Manager) | CVE-2018-7797 | URL redirection vulnerability | EcoStruxure™ Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure™ Energy Expert 1.3 (formerly Power Manager), EcoStruxure™ Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure™ Power Monitoring Expert (PME) v9.0, EcoStruxure™ Energy Expert v2.0, EcoStruxure™ Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module | SEVD-2018-347-01 |
| 2018/12/04 | Eurotherm by Schneider Electric GUIcon V2.0 | CVE-2018-7813, CVE-2018-7814, CVE-2018-7815 | Multiple Vulnerabilities | GUIcon Version 2.0 (Gold Build 683.0) | SEVD-2018-338-01 |
| 2018/10/25 | Schneider Electric Software Update | - | DLL hijacking | all versions prior to V2.2.0 | SEVD-2018-298-01 |
| 2018/09/27 | Modicon M221 | CVE-2018-7798 | Insufficient Verification of Data Authenticity (CWE-345) CVE-2018-7798 | Modicon M221 All Versions | SEVD-2018-270-01 |
| 2018/08/24 | Conext Combox and Conext Battery Monitor | - | USB removable media shipped with the products may have been exposed to malware | - USB media shipped with Conext Combox (sku 865-1058), all versions - USB media shipped with Conext Battery Monitor (sku 865-1080-01), all versions | SESN-2018-236-01 |
| 2018/08/23 | Modicon M221 | CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 | Multiple Vulnerabilities CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 | Modicon M221, all references, all versions prior to firmware V1.6.2.0. | SEVD-2018-235-01 |
| 2018/08/21 | Modicon M221 | CVE-2018-7789 | Improper Check for Unusual or Exceptional Conditions CVE-2018-7789 | Modicon M221, all references, all versions prior to firmware V1.6.2.0. | SEVD-2018-233-01 |
| 2018/08/16 | PowerLogic PM5560 | CVE-2018-7795 | Cross Protocol Injection CVE-2018-7795 | PM5560 prior to FW version 2.5.4 | SEVD-2018-228-01 |
| 2018/05/31 | U.Motion Builder | CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 | Multiple Vulnerabilities CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 | All versions prior to 1.3.4 | SEVD-2018-151-01 |
| 2018/05/24 | EcoStruxure Modicon Builder | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | Multiple Vulnerabilities CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 | V3.0 and prior versions | SEVD-2018-144-01 |
| 2018/05/22 | SoMachine Basic | CVE-2018-7783 | CVE-2018-7783 Out-Of-Band Remote Arbitrary Data Retrieval | All versions prior to v1.6 SP1 | SEVD-2018-142-01 |
| 2018/05/17 | PlantStruxure PES | CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 | Multiple Vulnerabilities • CVE-2016-10395 • CVE-2017-5571 • CVE-2016-2177 | V4.3 SP1 and prior versions | SEVD-2018-137-01 |
| 2018/04/19 | EVlink Charging Station | CVE-2018-7778 | CVE-2018-7778 | All versions prior to v3.2.0-12_v1 | SEVD-2018-109-01 |
| 2018/04/19 | Wiser for KNX (formerly homeLYnk / spaceLYnk) | CVE-2018-7779 | CVE-2018-7779 | • Wiser for KNX, V2.1.0 and prior • homeLYnk V2.0.1 and prior • spaceLYnk V2.1.0 and prior | SEVD-2018-109-02 |
| 2018/04/05 | U.motion Builder | CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 | Multiple vulnerabilities | All versions prior to v1.3.4 | Security Notification – U.motion Builder |
| 2018/03/22 | Modicon | CVE-2018-7240, CVE-2018-7241, CVE-2018-7242 | Arbitrary code execution, hardcoded accounts, vulnerable hash algorithms | All Modicon Premium, Quantum, M340 and BMXNOR0200 controllers | Security Notification - Embedded FTP Servers for Modicon |
| 2018/03/22 | Modicon | CVE-2018-7759, CVE-2018-7760, CVE-2018-7761, CVE-2018-7762 | Denial of service, authorization bypass, arbitrary code execution, buffer overflow | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | Security Notification - Embedded Web Servers for Modicon |
| 2018/03/15 | MGE Network Management Card Transverse installed in MGE UPS and MGE STS | CVE-2018-7243, CVE-2018-7244, CVE-2018-7245, CVE-2018-7246 | Authorization Bypass, Information Exposure, Improper Authorization, Cleartext Transmission of Sensitive Information | MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Comet 3000, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000, MGE STS (Upsilon and Epsilon) | Security Notification – MGE Network Management Card Transverse installed in MGE UPS and MGE STS |
| 2018/03/15 | MiCOM P540D Range with Legacy Ethernet Board | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol -enabled) are affected : MiCOM P445 versions: 35, 36, 37, E0, F0*, F1, F2 MiCOM P443, P446 versions: 54, 55, 57, B0, D0*, D1, D2 MiCOM P543 to P546 versions: 44, 54, 45, 55, 47, 57, A0, B0, C0*, DO*, D1, D2 MiCOM P841A versions: 44, 45, 47, A0, C0(*), C1, C2 MiCOM P841B versions: 54, 55, 57, B0, D0*), D1, D2 *Excluding minor revision F | Security Notification – MiCOM P540D Range with Legacy Ethernet Board |
| 2018/03/15 | MiCOM Px4x with Legacy Ethernet Board | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “J” or “K” (Hardware version) are affected MiCOM P14x version 46, MiCOM P44x version D6 excluding D6(E), MiCOM P64x all versions, MiCOM P849 all versions | Security Notification – MiCOM Px4x with Legacy Ethernet Board |
| 2018/03/15 | MiCOM Px4x Rejuvenated | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “L” or “M” (Hardware version) are affected MiCOM P540D range:MiCOM P443 version H4, MiCOM P445 version H4, MiCOM P446 version H4, MiCOM All P54x version H4, MiCOM P841A version H4, MiCOM P841B version H4 MiCOM Px4x: MiCOM P14x all versions except B2(B), MiCOM P44x all versions, MiCOM P64x all versions, MiCOM P746 all versions, MiCOM P849 all versions | Security Notification – MiCOM Px4x Rejuvenated |
| 2018/03/01 | SoMove | CVE-2018-7239 | DLL Hijacking | V2.6.2 and prior | Security Notification – SoMove |
| 2018/02/20 | Saitel DP | CVE-2016-5195 | CVE-2016-5195 | all versions prior to 11.06.04 | Security Notification – Saitel DP |
| 2018/02/15 | EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA Expert) | CVE-2016-10395 | CVE-2016-10395 | EcoStruxure Power Monitoring Expert 8.2 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.1 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.0 (Standard, DC, HC, Buildings Editions) StruxureWare Power Monitoring Expert 7.2.x Energy Expert 1.x (formerly Power Manager) EcoStruxure Power SCADA Operations 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module | Security Notification – EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA |
| 2018/02/15 | SCADA Expert Vijeo Citect / CitectSCADA, Vijeo Historian / Citect Historian™ ,CitectHistorian, and Citect™ Anywhere | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | Version 7.30, 7.40 of SCADA Expert Vijeo Citect / CitectSCADA™ Version 2015, 2016 of CitectSCADA Version 4.40, 4.50 of Vijeo Historian / Citect Historian™ Version 2016 of CitectHistorian Citect™ Anywhere | Vulnerability within Schneider Electric Floating License Manager |
| 2018/02/08 | StruxureOn Gateway | CVE-2017-9970 | Remote Code Execution | V1.1.3 and prior versions | Security Notification – StruxureOn Gateway |
| 2018/02/08 | IGSS Mobile | CVE-2017-9968, CVE-2017-9969 | Lack of certificate pinning, cleartext storage of password and other sensitive data | Android and iOS, version 3.01 and prior versions | Security Notification – IGSS Mobile |
| 2018/02/06 | Spectre and Meltdown | CVE-2017-5754, CVE-2017-5753, CVE-2017-5715 | side channel attacks | See Security Notification | Security Notification- Spectre and Meltdown |
| 2018/02/06 | IGSS SCADA Software | CVE-2017-9967 | Security Misconfiguration | V12 and all previous versions | Security Notification – IGSS SCADA Software |
| 2017/03/02 | VAMPSET | CVE-2017-7967 | Memory Corruption | v2.2.189 and prior | Security Notification – VAMPSET |
| 2017/03/27 | Wonderware InTouch Access Anywhere | - | Cross-Site Request Forgery, Information Exposure, Inadequate Encryption Strength | v11.5.2 and prior | LFSEC00000114 |
| 2017/05/26 | Samba Vulnerability | CVE-2017-7494 | Remote code execution | All versions after 3.5 | Security Notification – Samba Vulnerability |
| 2017/05/15 | Customers running Windows OS | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148 | WannaCry Ransomware Attack | All versions | Security Notification – WannaCry Ransomware Attack |
| 2017/04/28 | Wonderware Historian Client | - | XML Injection Vulnerability | v2014 R2 SP1 and prior | LFSEC00000120 |
| 2017/03/01 | SCADA Expert ClearSCADA | - | Denial of Service | v2015 R2 and prior | Security Notification – SCADA Expert ClearSCADA |
| 2016/12/27 | PlantStruxure PES License Manager | CVE-2015-8277 | Buffer Overflow | All versions | Security Notification – PlantStruxure PES License Manager |
| 2016/12/27 | PlantStruxure PES Software | - | Arbitrary Code Execution | All versions | Security Notification – PlantStruxure PES Software |
| 2016/10/28 | Magelis HMI | - | Denial of Service and Loss of Communications | Multiple products, see notification | Security Notification - Magelis HMI |
| 2016/10/26 | Connexium Firewall | - | Buffer Overflow | ConneXium Firewall, all versions | Security Notification - Connexium Firewall |
| 2016/10/14 | Unity PRO Software | - | Remote Code Execution using Unity Simulator | Unity PRO, all versions prior to V11.1 | Security Notification - Unity Simulator |
| 2016/09/27 | PM800 ECC Power Meter | - | Unauthenticated Access | PowerLogic PM8ECC, all firmware versions up to 2.651 | Security Notification - PM800 ECC Power Meter |
| 2016/06/10 | SoMachine HVAC Programming Software | - | Remote Code Execution | SoMachine HVAC Programming Software v2.0.2 | Security Notification - SoMachine HVAC Programming Software |
| 2016/03/14 | Pro-Face GP-Pro EX | CVE-2016-2292, CVE-2015-2291, CVE-2015-2290, CVE-2015-7921 | Multiple Vulnerabilities | GP-Pro EX, see disclosure | Security Notification - Pro-Face GP-Pro EX |
| 2016/03/12 | SAGE RTU | - | Improper Ethernet Frame Padding | SAGE RTU, see disclosure | Security Notification - SAGE RTU |
| 2016/02/29 | MiCOM Px30 and Px40 Protective Relay | - | Integer Overflow | MiCOM Px30 and Px40, all versions | Security Notification - MiCOM Protection Relays |
| 2016/02/17 | ConneXium Managed Switch | - | Password synchronization issue | See disclosure | Security Notification - ConneXium |
| 2016/02/04 | ConneXium Lite Managed Switch | - | Unauthorized upload of firmware | TCSESL043F23F0, and versions 01.01 and all previous versions | Security Notification - ConneXium |
| 2016/01/25 | StruxureWare Building Operations | - | Weak Credentials and OS Command Injection | Automation Server series (AS, AS-P), V1.7 and prior | Security Notification - SBO Automation Server |
| 2016/01/20 | Altivar Drives | - | Modification of Drive Parameters | See disclosure | Altivar, Cyber security Information and Guidance (01/2016) |
| 2016/01/11 | MiCOM C264 | - | Integer Overflow | See disclosure | Security Notification - MiCOM C264 |
| 2015/12/10 | M340 PLC | - | Buffer Overflow | See disclosure | Security Notification - GoAhead Web Server Vulnerability |
| 2015/11/25 | ProClima SW | - | Remote Code Execution | ProClima, all versions prior to V6.2 | Security Notification - ProClima Software |
| 2015/09/11 | Struxureware Building Expert | CVE-2015-3962 | Cleartext Data Transmission | Struxureware Building Expert, prior to version 2.15 | Security Notification - Struxureware Building Expert |
| 2015/09/08 | InduSoft Web Studio | - | Multiple vulnerabilities | InduSoft Web Studio V7.1.3.6 and previous versions | Security Notification - InduSoft Web Studio Vulnerabilities |
| 2015/08/21 | Modicon M340 PLC | - | Remote File Inclusion | See disclosure | Security Notification - Modicon PLC Web Servers |
| 2015/07/30 | DTM for IMT25 Magnetic Flow | - | Buffer Overflow | IMT25 DTM V1.500.000 and previous | Security Notification - DTM for IMT25 Magnetic Flow |
| 2015/07/15 | ConneXium Managed Switch | - | Authentication Bypass | ConneXium Managed Switch, see disclosure | Security Notification - ConneXium Managed Switches |
| 2015/06/23 | Wonderware InTouch, AppServer, Historian, SuiteLink | - | Binary Planting | Wonderware System Platform 2014 R2 and earlier | LFSEC00000106 |
| 2015/06/23 | PowerChute Business Edition | - | Cross Site Scripting | PCBE Agent V9.0.3 | FA247020 |
| 2015/06/11 | SAGE RTU | - | TCP Sequence Number Predictability | See disclosure | Security Notification - SAGE RTU |
| 2016/12/08 | Data Center Expert Software | - | Storage of passwords | 7.3.1.114, 7.2.4 and earlier versions | Security Notification – Data Center Expert |
| 2016/11/30 | Power Monitoring Expert and PowerSCADA Expert Software | CVE-2015-8277 | Flexera License Manager Component Buffer Overflow | See disclosure | Security Notification – Power Monitoring Expert and PowerSCADA Expert |
| 2016/11/29 | Vijeo Citect, Citect SCADA, Vijeo Historian, and Citect Historian | - | Flexera License Manager Component Buffer Overflow | See disclosure | Security Notification – Vijeo Citect, Citect SCADA, Vijeo Historian, Citect Historian |
| 2015/05/13 | OPC Factory Server (OFS) | - | DLL Hijacking | V3.5 and all previous versions | Security Notification: OPC Factory Server (OFS) |
| 2015/04/10 | InduSoft Web Studio | - | Cleartext Project Window Password Storage | 7.1.3.4 and all previous versions | Security Notification - InduSoft Web Studio |
| 2015/03/25 | VAMPSET Software | - | Buffer Overflow | 2.2.145 and all previous versions | Security Notification - VAMPSET Software |
| 2015/02/23 | InduSoft Web Studio | - | Multiple Vulnerabilities | 7.1.3.2 and all previous versions | Security Notification - InduSoft Web Studio Vulnerabilities |
| 2015/02/23 | InTouch Machine Edition 2014 | - | Multiple Vulnerabilities | 7.1.3.2 and all previous versions | Security Notification - InTouch Machine Edition Vulnerability Disclosure |
| 2015/02/20 | DTM Software for SRD 960 and SRD 991 Control Valve Positioners | - | Stack Buffer Overflow | 3.1.6 and all previous versions | Vulnerability Disclosure for SRD960 and SRD991 Valve Positioner DTM |
| 2015/01/09 | SoMove, Unity, SoMachine | - | Insecure DLL in FDT1 DTM Setup | See attached | Security Notification - FDT V1.2 DTMs |
| 2015/01/08 | ETG 3000 FactoryCast Gateway | - | Multiple Vulnerabilities | TSXETG3000 all versions TSXETG3010 all versions TSXETG3021 all versions TSXETG3022 all versions | Vulnerability Disclosure - ETG3000 FactoryCast HMI Gateway |
| 2017/01/11 | HomeLYnk Controller | - | Cross-Site Scripting | All versions prior to V1.50 | Security Notification – homeLYnk Controller |
| 2017/02/17 | M340 Controller | - | Resource Exhaustion | All versions prior to V2.9 | Security Notification – M340 Controller |
| 2017/02/13 | Wonderware Tableau Server | - | Privilege Escalation | Tableau Server versions 7.0 to 10.1.3 | LFSEC00000119 |
| 2017/02/17 | M221/M241 Controller | - | Demonstration of exploit at RSA Conference | All versions | Security Notification – M221_M241 Controller |
| 2017/02/21 | HomeLYnk Controller | - | Command Injection | v1.5.1 and prior | Security Notification – HomeLYnk Controller |
| 2017/02/21 | Conext ComBox | - | Denial of Service | v3.03 BN 830 and all firmware versions prior | Security Notification – Conext ComBox |
| 2017/03/06 | Modicon PLC | CVE-2017-6028 | Improper session key implementation | 171CBU98090 - All versions 171CBU98091 - All versions | Security Notification – Modicon Family of PLCs |
| 2017/03/16 | Modicon | - | TCP Predictability | M221/M241/M251 | Security Notification – Modicon M221/M241/M251 |
| 2017/03/16 | Modicon | - | Authentication Bypass (session cookie) | M241/M251 | Security Notification – Modicon M241/M251 |
| 2017/03/16 | Modicon | - | Authentication Bypass (credentials) | M241/M251 | Security Notification – Modicon M241/M251 |
| 2017/03/24 | PowerSCADA Expert Licensing Brick | CVE-2016-6273 | Denial of Service | 171CBU98090 - All versions 171CBU98091 - All versions | Security Notification – PowerSCADA Expert Licensing Brick |
| 2017/03/24 | PlantStruxure PES License Manager | CVE-2016-6273 | Denial of Service | v11 and prior | Security Notification – PlantStruxure PES License Manager |
| 2017/03/24 | Citect Floating License Manager | - | Denial of Service | SCADA Expert Vijeo Citect / CitectSCADA- V7.30, 7.40, 7.50, 8.0 Vijeo Historian/Citect Historian –V4.40, 4.50, 4.60, Citect Anywhere | Security Notification – Citect Floating License Manager |
| 2017/03/31 | IGSS Software | - | DLL Hijacking | v12 and prior | Security Notification – IGSS Software |
| 2017/03/31 | Wonderware InduSoft Web Studio | - | Privilege Escalation | v8.0 Patch 3 and prior | Security Notification – Wonderware InduSoft Web Studio |
| 2017/04/07 | SoMachine Basic | CVE-2017-7574 | Hardcoded Password-Fixed Key | v1.5 and prior | Security Notification – SoMachine Basic |
| 2017/04/07 | Modicon M221 / SoMachine Basic | CVE-2017-7575 | Weak Authentication/Authorization | v1.5.0.1 of Modicon M221 firmware and prior and v1.5 of SoMachine versions and prior | Security Notification – Modicon M221_SoMachine Basic |
| 2017/05/05 | SoMachine HVAC Programming Software | - | Buffer Overflow | SoMachine HVAC v2.1.0 Programming Software for M171/M172 Controllers | Security Notification – SoMachine HVAC Programming Software |
| 2017/05/05 | SoMachine HVAC Programming Software | - | DLL Hijacking | SoMachine HVAC v2.1.0 Programming Software for M171/M172 Controllers | Security Notification – SoMachine HVAC Programming Software |
| 2017/06/20 | Citect Anywhere | - | Cross site request forgery, outdated cipher suites, arbitrary server target nodes, escaping Citect app | v1.0 | Security Notification – Citect Anywhere |
| 2017/06/15 | Crash Override/Industroyer | - | Malware Module | Customers leveraging IEC870-5-101, IEC870-5- 104, IEC61850, and OPC DA Protocols | Security Notification – Crash Override |
| 2017/06/22 | PowerSCADA Anywhere | CVE-2017-7969, CVE-2017-7970, CVE-2017-7971, CVE-2017-7972 | Cross site request forgery, outdated cipher suites, arbitrary server target nodes, escaping application | Version 1.0 of PowerSCADA Anywhere redistributed with PowerSCADA Expert v8.1 and v8.2 | Security Notification – PowerSCADA Anywhere |
| 2017/06/27 | U.motion Builder Software | CVE-2017-7973, CVE-2017-7974, CVE-2017-9956, CVE-2017-9957, CVE-2017-9958, CVE-2017-9959, CVE-2017-9960 | SQL injection, Path Traversal, Authentication Bypass, Hard-Coded Password, Improper Access Control, Denial of Service, Information Disclosure | v1.2.1 and prior | Security Notification – U.motion Builder Software |
| 2017/06/28 | Petya | - | Ransomware attacks | Customers who have not applied MS17-010 patch | Security Notification – Petya Ransomware |
| 2017/06/30 | Wonderware ArchestrA Logger | - | Stack-based buffer overflow, uncontrolled resource consumption, null pointer dereference | v2017.426.2307.1 and prior | LFSEC00000116 |
| 2017/06/30 | Ampla MES | - | Cleartext Storage of Sensitive Information, Use of Password Hash with Insufficient Computational Effort | v6.4 and prior | LFSEC00000118 |
| 2017/07/14 | Pro-face GP-Pro EX | CVE-2017-9961 | Arbitrary code execution | Version 4.07.000 | Security Notification – Pro-face GP-Pro EX |
| 2017/07/18 | Trio TView Software | 100+ | Java Runtime Environment vulnerabilities | v3.27.0 and prior | Security Notification – Trio TView Software |
| 2017/08/24 | PowerSCADA Expert | CVE-2017-9629, CVE-2017-9627, CVE-2017-9631 | Remote Code Execution, Memory Leaks, Null Pointer Dereferences | Wonderware ArchestrA Logger component used within the PowerSCADA Expert v8.2 product | Security Notification – PowerSCADA Expert |
| 2017/09/15 | Indusoft Web Studio | - | Remote Arbitrary Command Execution | InduSoft Web Studio v8.0 SP2 and prior | LFSEC00000121 |
| 2017/09/21 | ClearSCADA | CVE-2017-9962 | Memory Allocation | ClearSCADA 2017, 2015 R2, 2015 R1.1, 2015 R1 and all prior versions | Security Notification – ClearSCADA |
| 2017/11/07 | EcoStruxure Power Monitoring Expert, EcoStruxure Building Operation & StruxureWare PowerSCADA Expert | CVE-2017-11357 | cryptographic weakness in Telerik component | EcoStruxure Power Monitoring Expert 8.2, 8.1, 8.0, 7.2.x, EcoStruxure Building Operation - Energy Expert, & StruxureWare PowerSCADA Expert versions 8.0, 8.1, 8.2, when using Advanced Reporting & Dashboards Module ONLY | Security Notification – EcoStruxure Power Monitoring Expert, EcoStruxure Building Operation & StruxureWare PowerSCADA Expert |
| 2017/11/09 | InduSoft Web Studio & InTouch Machine Edition | - | Remote Code Execution | InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions | LFSEC00000124 |
| 2017/12/07 | EcoStruxure Substation Operation User Interface | CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3652 | Vulnerabilities in MySQL Server | MySQL Server version 5.5.56 and earlier impacting EcoStruxure Substation Operation User Interface (formerly EcoSUI) version 2.1.17279 and earlier. | Security Notification – EcoStruxure Substation Operation User Interface |
| 2017/12/13 | Triconex | - | Malware Discovered Affecting Triconex Safety Controllers | All versions | Security Notification - Malware Discovered Affecting Triconex Safety Controllers |
| 2014/12/19 | Wonderware InTouch Access Anywhere Server | - | Stack-based Buffer Overflow | See attached | LFSEC00000104 |
| 2014/12/12 | APC Products | CVE-2014-3566 | POODLE SSL V3 Vulnerability | Multiple Products | FA236744 |
| 2014/12/10 | ProClima Software | CVE-2014- 8513, CVE-2014-8514, CVE-2014-9188, CVE2014-8511, CVE-2014-8512 | ActiveX Control Vulnerability | ProClima V6.0.1 and previous | SEVD-2014-344-01 |
| 2014/10/30 | APC Products | CVE-2014-6271,CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278 | Shellshock - Bash Utility Vulnerability | Multiple Products | FA234833 |
| 2014/09/16 | Modicon PLC Ethernet Comm Modules | - | Authentication Bypass on Web Server | Many products affected - see disclosure for more details | SEVD-2014-260-01 |
| 2014/09/04 | VAMPSET Software | - | Software halt | VAMPSET V2.2.136 and previous | SEVD-2014-247-01 |
| 2014/08/29 | SCADA Expert ClearSCADA | - | Weak Self-signed Certificate | SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) | SEVD-2014-241-01 |
| 2014/08/29 | SCADA Expert ClearSCADA | - | Multiple Vulnerabilities | SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) | SEVD 2014-241-01A |
| 2014/08/15 | Wonderware Information Server | - | Multiple Vulnerabilities | Wonderware Information Server, V5.5 and all versions prior (see disclosure for details) | LFSEC00000102 |
| 2014/03/25 | OPC Factory Server | - | Buffer Overflow | OFS v3.5 and previous | SEVD 2014-084-01 |
| 2014/01/31 | OPC Factory Server | - | Buffer Overflow in C++ Sample Code | OPC Factory Server V3.35 and previous | SEVD 2014-031-01 |
| 2014/01/24 | SCADA Expert Vijeo Citect | - | Unhandled Exception | StruxureWare SCADA Expert Vijeo Citect v7.40 | SEVD 2014-024-02 |
| 2014/01/24 | Vijeo Citect | - | Unhandled Exception | Vijeo Citect v7.20 to v7.30SP1 | SEVD 2014-024-02 |
| 2014/01/24 | CitectSCADA | - | Unhandled Exception | CitectSCADA v7.20 to v7.30SP1 | SEVD 2014-024-02 |
| 2014/01/24 | PowerSCADA Expert | - | Unhandled Exception | StruxureWare PowerSCADA Expert v7.30 to v7.30SR1 | SEVD 2014-024-02 |
| 2014/01/24 | PowerLogic SCADA | - | Unhandled Exception | PowerLogic SCADA v7.20 to v7.20SR1 | SEVD 2014-024-02 |
| 2014/01/24 | SCADA Expert ClearSCADA | - | File Parsing | ClearSCADA 2010 R3.1 or previous | SEVD 2014-024-01 |
| 2014/01/24 | SCADA Expert ClearSCADA | - | File Parsing | SCADA Expert ClearSCADA R2 or previous | SEVD 2014-024-01 |
| 2014/01/15 | Floating License Manager | - | Unquoted Service Path | Versions 1.0.0 to 1.4.0 | SEVD 2014-015-01 |
| 2013/12/30 | Sage 3030 RTU | - | Improper DNP3 Input Validation | SAGE 3030 C3413-500-001D3_P4 | SEVD 2013-364-01 |
| 2013/12/30 | Sage 3030 RTU | - | Improper DNP3 Input Validation | SAGE 3030 C3413-500-001F0_PB | SEVD 2013-364-01 |
| 2013/12/18 | Accutech Manager Configuration Software | - | SQL Injection | All versions prior to 2.00.4 | SEVD 2013-352-01 |
| 2013/12/11 | SCADAPack 33x, 35x | - | VxWorks Debug Port | SCADAPack 33x V1.71 or previous | SEVD 2013-345-01 |
| 2013/12/11 | SCADAPack 33x, 35x | - | VxWorks Debug Port | SCADAPack 35x V1.71 or previous | SEVD 2013-345-01 |
| 2013/12/10 | SUI Software | - | Buffer Overflow | SUI V1.1 RC6 | SEVD 2013-344-01 |
| 2013/12/10 | SUI Software | - | Buffer Overflow | SUI V1.1 RC7 | SEVD 2013-344-01 |
| 2013/12/05 | SCADA Expert ClearSCADA Software | - | DNP3 Driver Fuzzing Vulnerability | ClearSCADA 2010 - see disclosure | SEVD 2013-339-01 |
| 2013/12/05 | SCADA Expert ClearSCADA Software | - | DNP3 Driver Fuzzing Vulnerability | SCADA Expert ClearSCADA 2013 - see disclosure | SEVD 2013-339-01 |
| 2013/09/13 | StruxureWare SCADA | - | Incorrect Handling of Web Requests | SCADA Expert ClearSCADA 2013 R1 | SEVD 2013-213-01 |
| 2013/09/13 | Expert ClearSCADA Software | - | Incorrect Handling of Web Requests | SCADA Expert ClearSCADA 2013 R1.1 | SEVD 2013-213-01 |
| 2013/09/13 | Expert ClearSCADA Software | - | Incorrect Handling of Web Requests | SCADA Expert ClearSCADA 2013 R1.1a | SEVD 2013-213-01 |
| 2013/08/23 | OPC Factory Server (OFS) | - | XML External Entity | OFS v3.40 and all previous versions | SEVD 2013-235-01 |
| 2013/08/08 | Trio Radio | - | AES Encryption Key Generation | Trio J Series License Free Ethernet Radio V3.6.0, V3.6.1, V3.6.2 and V3.6.3 | SEVD 2013-143-01 |
| 2013/07/31 | Many - see disclosure | - | Default Passwords | Many - see disclosure | SEVD 2013-212-01 |
| 2013/07/16 | Vijeo Citect | - | XML External Entity | Vijeo Citect v7.2 and previous | SEVD 2013-197-01 |
| 2013/07/16 | Citect SCADA | - | XML External Entity | Citect SCADA v7.2 and previous | SEVD 2013-197-01 |
| 2013/07/16 | Power Logic SCADA | - | XML External Entity | PowerLogic SCADA v7.2 and previous | SEVD 2013-197-01 |
| 2013/06/06 | See disclosure | - | Microsoft Common Controls | See disclosure | SEVD 2013-157-01 |
| 2013/04/11 | Citect SCADA | - | Buffer Overflow affecting Mitsubishi MX Component v3 Trial provided on Distribution Disk | Citect SCADA v7.0 | SEVD 2013-101-01 |
| 2013/04/11 | Citect Facilities | - | Buffer Overflow affecting Mitsubishi MX Component v3 Trial provided on Distribution Disk | Citect Facilities v7.1 | SEVD 2013-101-01 |
| 2013/04/08 | MiCOM S1 Studio Software | - | Read/Write access to executables in the Program Files directory | MiCOM S1 Studio Software, all versions | SEVD 2013-087-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | TwidoSuite | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | PowerSuite | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | SoMove | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | SoMachine | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | Unity Pro | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | Unity Loader | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | OFS | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | PL7 | SEVD 2013-070-01 |
| 2013/03/11 | Modbus Serial Driver | - | Buffer Overflow | Concept | SEVD 2013-070-01 |
| 2013/02/25 | TAC I/A G3 Series SW | - | Directory Traversal | TAC I/A G3 ver. 3.5 and 3.6 | SEVD 2013-056-01 |
| 2013/01/23 | Quantum, Premium, | - | Multiple vulnerabilities | See attached | SEVD 2013-023-01 |
| 2013/01/23 | M340 PLC Communication Modules | - | Multiple vulnerabilities | See attached | SEVD 2013-023-01 |
| 2013/01/21 | Accutech Manager Software Tool | - | Heap Overflow | Accutech Manager SW v2.00.1 and older | SEVD 2013-021-01 |
| 2013/01/17 | PacDrive M, LMC 10/20, | - | Unauthorized Access to User Functions | See attached | SEVD 2013-017-01 |
| 2013/01/17 | LC3, BLM3, BLS, TLM, TLC, TLCC, ATV-CI, SMC, | - | Unauthorized Access to User Functions | See attached | SEVD 2013-017-01 |
| 2013/01/17 | Altivar ATV-IC | - | Unauthorized Access to User Functions | See attached | SEVD 2013-017-01 |
| 2013/01/10 | IGSS | - | Buffer Overflow | IGSS V9 | IGSS v9 Program Update (zip, 25Mb) |
| 2013/01/10 | IGSS | - | Buffer Overflow | IGSS V10 | IGSS V10 Program Update (zip, 11Mb) |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | IDS | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | PowerSuite | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | Smart Widget | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | SoMachine | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | Spacial.pro | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | Unity Pro | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | Vijeo Designer | SEVD 2013-009-01 |
| 2013/01/09 | Schneider Electric Software Update (SESU) Utility | - | Non-signed client/server communication | Web Gate Client Files | SEVD 2013-009-01 |
| 2012/12/06 | EzyLog Monitor | - | Multiple Vulnerabilities | EzyLog Monitor, P/N PVSNVLOG all versions | |
| 2012/09/17 | NMC Device IP Wizard | CVE-2012-4681 | Java Vulnerability | NMC Device IP Wizard (Java Ver 7) | FA162073 (pdf file, 152Kb) |
| 2012/09/17 | Netbotz Advanced View | CVE-2012-4681 | Java Vulnerability | Netbotz Advanced View (Java Ver 6) | FA162073 (pdf file, 152Kb) |
| 2012/09/17 | PowerChute Network Shutdown | CVE-2012-4681 | Java Vulnerability | PowerChute Network Shutdown (Java Ver 6) | FA162073 (pdf file, 152Kb) |
| 2012/09/17 | PowerChute Business Edition | CVE-2012-4681 | Java Vulnerability | PowerChute Business Edition (Java Ver 6) | FA162073 (pdf file, 152Kb) |
| 2012/09/17 | StruxureWare Data Center Expert | CVE-2012-4681 | Java Vulnerability | StruxureWare Data Center Expert (Java Ver 6) | FA162073 (pdf file, 152Kb) |
| 2012/09/17 | StruxureWare Operations | CVE-2012-4681 | Java Vulnerability | StruxureWare Operations (Java Ver 6) | FA162073 (pdf file, 152Kb) |
| 2012/08/17 | TAC I/A Series G3 Software | - | Multiple vulnerabilities | All current versions of TAC I/A Series G3 Software | TAC I/A Series G3 Software |
| 2012/02/17 | AQUIS | - | DLL Hijacking | AQUIS V1.5 and any previous version | AQUIS Patch (exe file, 163Mb) |
| 2012/02/17 | TERMIS | - | DLL Hijacking | TERMIS V2.10 and any previous version | TERMIS Patch (exe file, 175Mb) |
| 2012/02/16 | Quantum PLC | - | Metasploit tools to exploit HTTP user/PW information | All | RES207443 |
| 2012/01/16 | IGSS | - | IGSS DLL Hijacking | All versions prior to V9.0.0.11291 | IGSS Program Updates |
| 2012/01/12 | Quantum PLC | - | Multiple vulnerabilities | See Resolution 206895 | RES206895 |
| 2012/01/12 | Premium PLC | - | Multiple vulnerabilities | See Resolution 206895 | RES206895 |
| 2012/01/12 | M340 PLC | - | Multiple vulnerabilities | See Resolution 206895 | RES206895 |
| 2012/01/12 | Advantys STB DIO | - | Multiple vulnerabilities | See Resolution 206895 | RES206895 |
| 2012/01/12 | Quantum PLC | - | Multiple vulnerabilities | See Resolutions and 297906 | RES207378 and RES297906 |
| 2012/01/12 | Premium PLC | - | Multiple vulnerabilities | See Resolutions 207378 | RES207378 |
| 2011/12/21 | IGSS | - | IGSS Buffer Overflow | v9.0.0.11355 and previous | IGSS Program Updates |
| 2011/12/20 | IGSS Data Server | - | Denial of Service and Buffer Overflow | v9.0.0.11200 and previous | IGSS Program Updates |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | ION 7500/7600/8300/ | ION Meter Information |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | 8400/8500 all versions | ION 7550 Patch |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | - | ION 7650 Patch |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | ION 7550/7650 prior to v371 | ION 8600 Patch |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | ION 8600 prior to v335 | ION 8650 Patch |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | ION 8650 prior to v403 | ION 8800 Patch |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | ION 8800 prior to v340 | ION Setup SW |
| 2011/12/12 | ION Power Meters and ION Setup SW | - | Remote factory-level access | ION Setup SW prior to v3.0 | ION Setup SW |
| 2011/12/11 | IGSS and Safenet Sentinel HASP | - | Input sanitization | HASP SDK prior to v5.11, HASP run-time prior to v6.x, IGSS V7 | Sentinel updates |
| 2011/12/07 | PowerChute | - | Cross-site Scripting (XSS) | PowerChute Business Edition (prior to v8.5) | PowerChute Information |
| 2011/11/28 | Vijeo Historian | - | Web Server multiple vulnerabilities | Vijeo Historian v4.3 and previous | Citect Information and Patch |
| 2011/11/28 | Citect Historian | - | Web Server multiple vulnerabilities | Citect Historian v4.3 and previous | Citect Information and Patch |
| 2011/11/28 | Citect SCADA Reports | - | Web Server multiple vulnerabilities | Citect SCADA Reports v4.1 and previous | Citect Information and Patch |
| 2011/11/08 | Citect SCADA and Mitsubishi MX4 SCADA Batch Server | - | Buffer overflow | CitectSCADA V7.10 and prior using the CitectSCADA Batch Server module | Citect Information |
| 2011/11/08 | Citect SCADA and Mitsubishi MX4 SCADA Batch Server | - | Buffer overflow | Mitsubishi MX4 SCADA V7.10 and prior using the MX4 SCADA Batch module | Citect Information |
| 2011/10/20 | Unity Pro | - | Unitelway Device Driver Buffer Overflow | Unity Pro v6 and previous | OFS Information and Patch |
| 2011/10/20 | OPC Factory Server | - | Unitelway Device Driver Buffer Overflow | OPC Factory Server v3.34 and previous | OFS Information and Patch |
| 2011/10/20 | Vijeo Citect | - | Unitelway Device Driver Buffer Overflow | Vijeo Citect v7.2 and previous | OFS Information and Patch |
| 2011/10/20 | Telemecanique Driver Pack Monitor Pro | - | Unitelway Device Driver Buffer Overflow | Telemecanique Driver Pack v2.6 and previous | OFS Information and Patch |
| 2011/10/20 | PL7 Pro | - | Unitelway Device Driver Buffer Overflow | Monitor Pro v7.6 and previous | OFS Information and Patch |
| 2011/10/20 | PL7 Pro | - | Unitelway Device Driver Buffer Overflow | PL7 Pro v4.5 and previous | OFS Information and Patch |
| 2011/08/25 | ClearSCADA, SCX6 | - | Remote Authentication Bypass | ClearSCADA 2010 R1.0, ClearSCADA 2009, ClearSCADA 2007, ClearSCADA 2005, SCX Version 6.69 R1 and earlier, SCX Version 6.68 and earlier, SCX Version 6.67 and earlier | ClearSCADA Information and Patch |
| 2011/07/08 | IGSS | - | ODBC Remote Memory Corruption | IGSS prior to ver 9.11143 | IGSS v9 Program Updates |
| 2011/06/06 | IGSS | - | IGSS Denial of Service | IGSS Prior to v7.10033 | IGSS v7 Program Updates |
| 2011/06/06 | IGSS | - | IGSS Denial of Service | IGSS Prior to v8.11102 | IGSS v8 Program Updates |
| 2011/06/06 | IGSS | - | IGSS Denial of Service | IGSS Prior to v9.11143 | IGSS v9 Program Updates |
| 2011/05/06 | IGSS | - | Multiple vulnerabilities | IGSS Prior to ver 9.0.0.11083 | IGSS v9 Program Updates |
| 2011/04/29 | IGSS | - | Remote stack overflow | IGSS ver. 9 and all previous versions | IGSS Program Updates |
| 2011/03/21 | IGSS | - | Multiple vulnerabilities | IGSS ver 9.00.00.1 and previous | IGSS Program Updates |
| 2011/02/16 | ClearSCADA | - | Multiple Vulnerabilities | ClearSCADA 2005 (all versions), ClearSCADA 2007 (all versions), ClearSCADA 2009 (all versions) | ClearSCADA Information and Patch |
| 2011/02/08 | IGSS | - | ODBC Server Remote Heap Corruption | IGSS vers. 8 & 9 | IGSS Program Updates |