
                Security Notifications

                Date (dd/mm/yyyy) Product Description Products and versions affected Links to Information


                SoMachine HVAC Programming Software
                Remote Code Execution SoMachine HVAC Programming Software v2.0.2
                Pelco Digital Sentry
                Remote Code Execution Digital Sentry versions prior to 7.13
                PM8ECC Communications Add-on for PM800 Power Meter
                Cross-Site Scripting PowerLogic PM8ECC, firmware versions prior to 2.651
                14/03/2016 Pro-Face GP-Pro EX
                Multiple Vulnerabilities GP-Pro EX, see disclosure SEVD-2016-074-01 
                12/03/2016 SAGE RTU
                Improper Ethernet Frame Padding SAGE RTU, see disclosure SEVD-2016-072-01 
                29/02/2016 MiCOM Px30 and Px40 Protective Relay
                Integer Overflow MiCOM Px30 and Px40, all versions SEVD-2016-060-01 
                17/02/2016 ConneXium Managed Switch
                Password synchronization issue See disclosure SEVD-2016-048-01 
                04/02/2016 ConneXium Lite Managed Switch
                Unauthorized upload of firmware TCSESL043F23F0, and versions 01.01 and all previous versions SEVD-2016-035-01 
                25/01/2016 StruxureWare Building Operations
                Weak Credentials and OS Command Injection Automation Server series (AS, AS-P), V1.7 and prior SEVD-2016-025-01 
                20/01/2016 Altivar Drives
                Modification of Drive Parameters See disclosure ST03406 
                11/01/2016 MiCOM C264
                Integer Overflow See disclosure SEVD-2016-011-01 
                10/12/2015 M340 PLC
                Buffer Overflow See disclosure SEVD-2015-344-01 
                25/11/2015 ProClima SW
                Remote Code Execution ProClima, all versions prior to V6.2 SEVD-2015-329-01 
                11/09/2015 Struxureware Building Expert
                Cleartext Data Transmission Struxureware Building Expert, prior to version 2.15 SEVD-2015-254-01 
                08/09/2015 InduSoft Web Studio
                Multiple vulnerabilities InduSoft Web Studio V7.1.3.6 and previous versions SEVD-2015-251-01 
                21/08/2015 Modicon M340 PLC
                Remote File Inclusion See disclosure SEVD-2015-233-01 
                30/07/2015 DTM for IMT25 Magnetic Flow
                Buffer Overflow IMT25 DTM V1.500.000 and previous SEVD-2015-215-01 
                15/07/2015 ConneXium Managed Switch
                Authentication Bypass ConneXium Managed Switch, see disclosure SEVD-2015-196-01 
                30/06/2015 OPC Factory Server (OFS)
                DLL Hijacking OFS V3.5 and previous SEVD-2015-181-01 
                23/06/2015 Wonderware InTouch, AppServer, Historian, SuiteLink
                Binary Planting Wonderware System Platform 2014 R2 and earlier LFSEC00000106 
                23/06/2015 PowerChute Business Edition
                Cross Site Scripting PCBE Agent V9.0.3 FA247020 
                11/06/2015 SAGE RTU
                TCP Sequence Number Predictability See disclosure SEVD-2015-162-01 
                13/05/2015 OPC Factory Server (OFS)
                DLL Hijacking V3.5 and all previous versions SEVD-2015-133-01 
                10/04/2015 InduSoft Web Studio
                Cleartext Project Window Password Storage and all previous versions SEVD-2015-100-01 
                25/03/2015 VAMPSET Software
                Buffer Overflow 2.2.145 and all previous versions SEVD-2015-084-01 
                06/03/2015 Pelco DS-NVs Video Management Software
                Buffer Overflow 7.6.32 and all previous versions SEVD-2015-065-01 
                23/02/2015 InduSoft Web Studio
                Multiple Vulnerabilities and all previous versions SEVD-2015-054-01 
                23/02/2015 InTouch Machine Edition 2014
                Multiple Vulnerabilities and all previous versions SEVD-2015-054-02 
                20/02/2015 DTM Software for SRD 960 and SRD 991 Control Valve Positioners
                Stack Buffer Overflow 3.1.6 and all previous versions SEVD-2015-050-01 
                09/01/2015 SoMove, Unity, SoMachine
                Insecure DLL in FDT1 DTM Setup See attached SEVD-2015-009-01 
                08/01/2015 ETG 3000 FactoryCast Gateway
                Multiple Vulnerabilities
                • TSXETG3000 all versions
                • TSXETG3010 all versions
                • TSXETG3021 all versions
                • TSXETG3022 all versions
                19/12/2014 Wonderware InTouch Access Anywhere Server
                Stack-based Buffer Overflow See attached LFSEC00000104 
                12/12/2014 APC Products
                POODLE SSL V3 Vulnerability Multiple Products FA236744 
                10/12/2014 ProClima Software
                ActiveX Control Vulnerability ProClima V6.0.1 and previous SEVD 2014-344-01 
                30/10/2014 APC Products
                Shellshock - Bash Utility Vulnerability Multiple Products FA234833 
                16/09/2014 Modicon PLC Ethernet Comm Modules
                Authentication Bypass on Web Server Many products affected - see disclosure for more details SEVD-2014-260-01 
                04/09/2014 VAMPSET Software
                Software halt VAMPSET V2.2.136 and previous SEVD 2014-247-01 
                29/08/2014 SCADA Expert ClearSCADA
                Weak Self-signed Certificate SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-02 
                29/08/2014 SCADA Expert ClearSCADA
                Multiple Vulnerabilities SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-01A 
                18/08/2014 Wonderware Information Server
                Multiple Vulnerabilities Wonderware Information Server, V5.5 and all versions prior (see disclosure for details) LFSEC00000102 
                25/03/2014 OPC Factory Server
                Buffer Overflow OFS v3.5 and previous SEVD 2014-084-01 
                31/01/2014 OPC Factory Server
                Buffer Overflow in C++ Sample Code OPC Factory Server V3.35 and previous SEVD 2014-031-01 
                24/01/2014 SCADA Expert Vijeo Citect
                Vijeo Citect
                PowerSCADA Expert
                PowerLogic SCADA
                Unhandled Exception
                • StruxureWare SCADA Expert Vijeo Citect v7.40
                • Vijeo Citect v7.20 to v7.30SP1
                • CitectSCADA v7.20 to v7.30SP1
                • StruxureWare PowerSCADA Expert v7.30 to v7.30SR1
                • PowerLogic SCADA v7.20 to v7.20SR1
                SEVD 2014-024-02 
                24/01/2014 SCADA Expert ClearSCADA
                File Parsing
                • ClearSCADA 2010 R3.1 or previous
                • SCADA Expert ClearSCADA R2 or previous
                SEVD 2014-024-01 
                15/01/2014 Floating License Manager
                Unquoted Service Path Versions 1.0.0 to 1.4.0 SEVD 2014-015-01 
                30/12/2013 Sage 3030 RTU
                Improper DNP3 Input Validation
                • SAGE 3030 C3413-500-001D3_P4
                • SAGE 3030 C3413-500-001F0_PB
                SEVD 2013-364-01 
                18/12/2013 Accutech Manager Configuration Software
                SQL Injection All versions prior to 2.00.4 SEVD 2013-352-01 
                11/12/2013 SCADAPack 33x, 35x
                VxWorks Debug Port
                • SCADAPack 33x V1.71 or previous
                • SCADAPack 35x V1.71 or previous
                SEVD 2013-345-01 
                10/12/2013 SUI Software
                Buffer Overflow
                • SUI V1.1 RC6
                • SUI V1.1 RC7
                SEVD 2013-344-01 
                05/12/2013 SCADA Expert ClearSCADA Software
                DNP3 Driver Fuzzing Vulnerability
                • ClearSCADA 2010 - see disclosure
                • SCADA Expert ClearSCADA 2013 - see disclosure
                SEVD 2013-339-01 
                13/09/2013 StruxureWare SCADA
                Expert ClearSCADA Software
                Incorrect Handling of Web Requests
                • SCADA Expert ClearSCADA 2013 R1
                • SCADA Expert ClearSCADA 2013 R1.1
                • SCADA Expert ClearSCADA 2013 R1.1a
                SEVD 2013-213-01 
                23/08/2013 OPC Factory Server (OFS) XML External Entity OFS v3.40 and all previous versions SEVD 2013-235-01 
                08/08/2013 Trio Radio AES Encryption Key Generation Trio J Series License Free Ethernet Radio V3.6.0, V3.6.1, V3.6.2 and V3.6.3 SEVD-2013-143-01 
                31/07/2013 Many - see disclosure Default Passwords Many - see disclosure SEVD 2013-212-01 
                16/07/2013 Vijeo Citect
                Citect SCADA
                Power Logic SCADA
                XML External Entity
                • Vijeo Citect v7.2 and previous
                • Citect SCADA v7.2 and previous
                • PowerLogic SCADA v7.2 and previous
                SEVD 2013-197-01 
                06/06/2013 See disclosure Microsoft Common Controls See disclosure SEVD 2013-157-01 
                11/04/2013 Citect SCADA
                Citect Facilities
                Buffer Overflow affecting Mitsubishi MX Component v3 Trial provided on Distribution Disk
                • Citect SCADA v7.0
                • Citect Facilities v7.1
                08/04/2013 MiCOM S1 Studio Software Read/Write access to executables in the Program Files directory MiCOM S1 Studio Software, all versions
                11/03/2013 Modbus Serial Driver Buffer Overflow
                • TwidoSuite,
                • PowerSuite,
                • SoMove,
                • SoMachine,
                • Unity Pro,
                • Unity Loader,
                • OFS,
                • PL7,
                • Concept
                25/02/2013 TAC I/A G3 Series SW Directory Traversal TAC I/A G3 ver. 3.5 and 3.6
                23/01/2013 Quantum,
                M340 PLC Communication Modules
                Multiple vulnerabilities See SEVD 2013-023-01 for affected products
                21/01/2013 Accutech Manager Software Tool Heap Overflow Accutech Manager SW v2.00.1 and older
                17/01/2013 PacDrive M,
                LMC 10/20,
                Altivar ATV-IC
                Unauthorized Access to User Functions See SEVD 2013-017-01 for affected products
                10/01/2013 IGSS Buffer Overflow
                • IGSS V9
                • IGSS V10
                09/01/2013 Schneider Electric Software Update (SESU) Utility Non-signed client/server communication
                • IDS
                • PowerSuite
                • Smart Widget
                • SoMachine
                • Unity Pro
                • Vijeo Designer
                • Web Gate Client Files
                06/12/2012 EzyLog Monitor Multiple Vulnerabilities EzyLog Monitor, P/N PVSNVLOG all versions
                17/09/2012 NMC Device IP Wizard
                Netbotz Advanced View
                PowerChute Network Shutdown
                PowerChute Business Edition
                StruxureWare Data Center Expert
                StruxureWare Operations
                Java Vulnerability
                • NMC Device IP Wizard (Java Ver 7)
                • Netbotz Advanced View (Java Ver 6)
                • PowerChute Network Shutdown (Java Ver 6)
                • PowerChute Business Edition (Java Ver 6)
                • StruxureWare Data Center Expert (Java Ver 6)
                • StruxureWare Operations (Java Ver 6)
                 FA162073 (pdf file, 152Kb)
                17/08/2012 TAC I/A Series G3 Software Multiple vulnerabilities All current versions of TAC I/A Series G3 Software
                17/02/2012 AQUIS DLL Hijacking AQUIS V1.5 and any previous version
                 AQUIS Patch (exe file, 163Mb)
                17/02/2012 TERMIS DLL Hijacking TERMIS V2.10 and any previous version
                TERMIS Patch (exe file, 175Mb)
                16/02/2012 Quantum PLC Metasploit tools to exploit HTTP user/PW information All RES207443 
                16/01/2012 IGSS IGSS DLL Hijacking All versions prior to V9.0.0.11291 IGSS v9 Program Updates (zip, 25Mb)
                12/01/2012 Quantum PLC
                Premium PLC
                M340 PLC
                Advantys STB DIO
                Multiple vulnerabilities See Resolution 206895 RES206895 
                12/01/2012 Quantum PLC
                Premium PLC
                Multiple vulnerabilities See Resolutions 207378 and 297906 RES207378 and RES297906 
                21/12/2011 IGSS IGSS Buffer Overflow v9.0.0.11355 and previous IGSS v9 Program Updates (zip, 25Mb)
                20/12/2011 IGSS Data Server Denial of Service and Buffer Overflow v9.0.0.11200 and previous IGSS v9 Program Updates (zip, 25Mb)
                12/12/2011 ION Power Meters and ION Setup SW Remote factory-level access
                • ION 7500/7600/8300/
                  8400/8500 all versions
                • ION 7550/7650 prior to v371
                • ION 8600 prior to v335
                • ION 8650 prior to v403
                • ION 8800 prior to v340
                • ION Setup SW prior to v3.0
                ION Meter Information
                ION 7550 Patch
                ION 7650 Patch
                ION 8600 Patch
                ION 8650 Patch
                ION 8800 Patch
                ION Setup SW
                11/12/2011 IGSS and Safenet Sentinel HASP Input sanitization
                • HASP SDK prior to v5.11
                • HASP run-time prior to v6.x
                • IGSS V7
                Sentinel updates 
                07/12/2011 PowerChute Cross-site Scripting (XSS) PowerChute Business Edition (prior to v8.5) PowerChute Information
                28/11/2011 Vijeo Historian
                Citect Historian
                Citect SCADA Reports
                Web Server multiple vulnerabilities
                • Vijeo Historian v4.3 and previous
                • Citect Historian v4.3 and previous
                • Citect SCADA Reports v4.1 and previous
                Citect Information and Patch 
                08/11/2011 Citect SCADA and Mitsubishi MX4 SCADA Batch Server Buffer overflow
                • CitectSCADA V7.10 and prior using the CitectSCADA Batch Server module
                • Mitsubishi MX4 SCADA V7.10 and prior using the MX4 SCADA Batch module
                Citect Information 
                20/10/2011 Unity Pro
                OPC Factory Server
                Vijeo Citect
                Telemecanique Driver Pack Monitor Pro
                PL7 Pro
                Unitelway Device Driver Buffer Overflow
                • Unity Pro v6 and previous
                • OPC Factory Server v3.34 and previous
                • Vijeo Citect v7.2 and previous
                • Telemecanique Driver Pack v2.6 and previous
                • Monitor Pro v7.6 and previous
                • PL7 Pro v4.5 and previous
                OFS Information and Patch 
                25/08/2011 ClearSCADA
                Remote Authentication Bypass
                • ClearSCADA 2010 R1.0
                • ClearSCADA 2009
                • ClearSCADA 2007
                • ClearSCADA 2005
                • SCX Version 6.69 R1 and earlier
                • SCX Version 6.68 and earlier
                • SCX Version 6.67 and earlier
                ClearSCADA and SCX6 Information and Patch 
                08/07/2011 IGSS ODBC Remote Memory Corruption IGSS prior to ver 9.11143 IGSS v9 Program Updates (zip, 25Mb)
                06/06/2011 IGSS IGSS Denial of Service Prior to v7.10033 IGSS v7 Program Updates (zip, 10Mb)
                06/06/2011 IGSS IGSS Denial of Service Prior to v8.11102 IGSS v8 program updates (zip, 18Mb)
                06/06/2011 IGSS IGSS Denial of Service Prior to v9.11143 IGSS v9 Program Updates (zip, 25Mb)
                06/05/2011 IGSS Multiple vulnerabilities Prior to ver
                IGSS v9 Program Updates (zip, 25Mb)
                29/04/2011 IGSS Remote stack overflow IGSS ver. 9 and all previous versions IGSS Program Updates 
                21/03/2011 IGSS Multiple vulnerabilities IGSS ver and previous IGSS Program Updates 
                16/02/2011 ClearSCADA Multiple Vulnerabilities
                • ClearSCADA 2005 (all versions)
                • ClearSCADA 2007 (all versions)
                • ClearSCADA 2009 (all versions)
                ClearSCADA Information and Patch 
                08/02/2011 IGSS ODBC Server Remote Heap Corruption IGSS vers. 8 & 9 IGSS Program Updates 