KLCERT-20-021: Moxa NPort IA5000A Series. Cleartext Transmission of Sensitive Information via Moxa Service
Cleartext Transmission of Sensitive Information via Moxa Service in NPort IA5000A series serial devices.
KLCERT-20-020: Moxa NPort IA5000A Series. Using the Telnet service
The NPort devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.
KLCERT-20-019: Moxa NPort IA5000A Series. Passwords stored in plaintext
The result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.
KLCERT-20-018: Moxa NPort IA5000A Series. Broken access control
By exploiting the vulnerability, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.
KLCERT-17-029: Authentication bypass in Rockwell Automation Logix controllers
A remote unauthenticated attacker able to bypass a verification mechanism and authenticate with Logix controllers and PLC emulator of RSLogix 5000 or Studio 5000 Logix Designer Software.
KLCERT-20-017: Session Information Exposure in ARC Informatique PcVue
An information exposure vulnerability exists in PcVue 12, allowing a non-authorized user to access session data of legitimate users.
KLCERT-20-016: Denial-of-Service in ARC Informatique PcVue
A Denial Of Service vulnerability exists in PcVue from version 8.10 onward, due to the ability for a non-authorized user to modify information used to validate messages sent by legitimate web clients.
KLCERT-20-015: Remote Code Execution in ARC Informatique PcVue
A Remote Code Execution vulnerability exists in PcVue from version 8.10 onward, due to the unsafe deserialization of messages received on the interface.
KLCERT-20-014: Session token exposed in Honeywell ControlEdge PLC and RTU
Exposed session token in Honeywell ControlEdge PLC and RTU.
KLCERT-20-013: Unencypted password transmission in Honeywell ControlEdge PLC and RTU
Unencrypted password transmission on the network in Honeywell ControlEdge PLC and RTU.