Select your country/region in the menu or by clicking on the world map *
Country Selector Alternate Image

                Security Notifications

                Date (dd/mm/yyyy) Product Description Products and versions affected Links to Information


                Pelco Digital Sentry

                Remote Code Execution

                Digital Sentry versions prior to 7.13



                PM8ECC Communications Add-on for PM800 Power Meter

                Cross-Site Scripting

                PowerLogic PM8ECC, firmware versions prior to 2.651

                14/03/2016 Pro-Face GP-Pro EX
                Multiple Vulnerabilities GP-Pro EX, see disclosure SEVD-2016-074-01 
                12/03/2016 SAGE RTU
                Improper Ethernet Frame Padding SAGE RTU, see disclosure SEVD-2016-072-01 
                29/02/2016 MiCOM Px30 and Px40 Protective Relay
                Integer Overflow MiCOM Px30 and Px40, all versions SEVD-2016-060-01 
                17/02/2016 ConneXium Managed Switch
                Password synchronization issue See disclosure SEVD-2016-048-01 
                04/02/2016 ConneXium Lite Managed Switch
                Unauthorized upload of firmware TCSESL043F23F0, and versions 01.01 and all previous versions SEVD-2016-035-01 
                25/01/2016 StruxureWare Building Operations
                Weak Credentials and OS Command Injection Automation Server series (AS, AS-P), V1.7 and prior SEVD-2016-025-01 
                20/01/2016 Altivar Drives
                Modification of Drive Parameters See disclosure ST03406 
                11/01/2016 MiCOM C264
                Integer Overflow See disclosure SEVD-2016-011-01 
                10/12/2015 M340 PLC
                Buffer Overflow See disclosure SEVD-2015-344-01 
                25/11/2015 ProClima SW
                Remote Code Execution ProClima, all versions prior to V6.2 SEVD-2015-329-01 
                11/09/2015 Struxureware Building Expert
                Cleartext Data Transmission Struxureware Building Expert, prior to version 2.15 SEVD-2015-254-01 
                08/09/2015 InduSoft Web Studio
                Multiple vulnerabilities InduSoft Web Studio V7.1.3.6 and previous versions SEVD-2015-251-01 
                21/08/2015 Modicon M340 PLC
                Remote File Inclusion See disclosure SEVD-2015-233-01 
                30/07/2015 DTM for IMT25 Magnetic Flow
                Buffer Overflow IMT25 DTM V1.500.000 and previous SEVD-2015-215-01 
                15/07/2015 ConneXium Managed Switch
                Authentication Bypass ConneXium Managed Switch, see disclosure SEVD-2015-196-01 
                30/06/2015 OPC Factory Server (OFS)
                DLL Hijacking OFS V3.5 and previous SEVD-2015-181-01 
                23/06/2015 Wonderware InTouch, AppServer, Historian, SuiteLink
                Binary Planting Wonderware System Platform 2014 R2 and earlier LFSEC00000106 
                23/06/2015 PowerChute Business Edition
                Cross Site Scripting PCBE Agent V9.0.3 FA247020 
                11/06/2015 SAGE RTU
                TCP Sequence Number Predictability See disclosure SEVD-2015-162-01 
                13/05/2015 OPC Factory Server (OFS)
                DLL Hijacking V3.5 and all previous versions SEVD-2015-133-01 
                10/04/2015 InduSoft Web Studio
                Cleartext Project Window Password Storage and all previous versions SEVD-2015-100-01 
                25/03/2015 VAMPSET Software
                Buffer Overflow 2.2.145 and all previous versions SEVD-2015-084-01 
                06/03/2015 Pelco DS-NVs Video Management Software
                Buffer Overflow 7.6.32 and all previous versions SEVD-2015-065-01 
                23/02/2015 InduSoft Web Studio
                Multiple Vulnerabilities and all previous versions SEVD-2015-054-01 
                23/02/2015 InTouch Machine Edition 2014
                Multiple Vulnerabilities and all previous versions SEVD-2015-054-02 
                20/02/2015 DTM Software for SRD 960 and SRD 991 Control Valve Positioners
                Stack Buffer Overflow 3.1.6 and all previous versions SEVD-2015-050-01 
                09/01/2015 SoMove, Unity, SoMachine
                Insecure DLL in FDT1 DTM Setup See attached SEVD-2015-009-01 
                08/01/2015 ETG 3000 FactoryCast Gateway
                Multiple Vulnerabilities
                • TSXETG3000 all versions
                • TSXETG3010 all versions
                • TSXETG3021 all versions
                • TSXETG3022 all versions
                19/12/2014 Wonderware InTouch Access Anywhere Server
                Stack-based Buffer Overflow See attached LFSEC00000104 
                12/12/2014 APC Products
                POODLE SSL V3 Vulnerability Multiple Products FA236744 
                10/12/2014 ProClima Software
                ActiveX Control Vulnerability ProClima V6.0.1 and previous SEVD 2014-344-01 
                30/10/2014 APC Products
                Shellshock - Bash Utility Vulnerability Multiple Products FA234833 
                16/09/2014 Modicon PLC Ethernet Comm Modules
                Authentication Bypass on Web Server Many products affected - see disclosure for more details SEVD-2014-260-01 
                04/09/2014 VAMPSET Software
                Software halt VAMPSET V2.2.136 and previous SEVD 2014-247-01 
                29/08/2014 SCADA Expert ClearSCADA
                Weak Self-signed Certificate SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-02 
                29/08/2014 SCADA Expert ClearSCADA
                Multiple Vulnerabilities SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-01A 
                18/08/2014 Wonderware Information Server
                Multiple Vulnerabilities Wonderware Information Server, V5.5 and all versions prior (see disclosure for details) LFSEC00000102 
                25/03/2014 OPC Factory Server
                Buffer Overflow OFS v3.5 and previous SEVD 2014-084-01 
                31/01/2014 OPC Factory Server
                Buffer Overflow in C++ Sample Code OPC Factory Server V3.35 and previous SEVD 2014-031-01 
                24/01/2014 SCADA Expert Vijeo Citect
                Vijeo Citect
                PowerSCADA Expert
                PowerLogic SCADA
                Unhandled Exception
                • StruxureWare SCADA Expert Vijeo Citect v7.40
                • Vijeo Citect v7.20 to v7.30SP1
                • CitectSCADA v7.20 to v7.30SP1
                • StruxureWare PowerSCADA Expert v7.30 to v7.30SR1
                • PowerLogic SCADA v7.20 to v7.20SR1
                SEVD 2014-024-02 
                24/01/2014 SCADA Expert ClearSCADA
                File Parsing
                • ClearSCADA 2010 R3.1 or previous
                • SCADA Expert ClearSCADA R2 or previous
                SEVD 2014-024-01 
                15/01/2014 Floating License Manager
                Unquoted Service Path Versions 1.0.0 to 1.4.0 SEVD 2014-015-01 
                30/12/2013 Sage 3030 RTU
                Improper DNP3 Input Validation
                • SAGE 3030 C3413-500-001D3_P4
                • SAGE 3030 C3413-500-001F0_PB
                SEVD 2013-364-01 
                18/12/2013 Accutech Manager Configuration Software
                SQL Injection All versions prior to 2.00.4 SEVD 2013-352-01 
                11/12/2013 SCADAPack 33x, 35x
                VxWorks Debug Port
                • SCADAPack 33x V1.71 or previous
                • SCADAPack 35x V1.71 or previous
                SEVD 2013-345-01 
                10/12/2013 SUI Software
                Buffer Overflow
                • SUI V1.1 RC6
                • SUI V1.1 RC7
                SEVD 2013-344-01 
                05/12/2013 SCADA Expert ClearSCADA Software
                DNP3 Driver Fuzzing Vulnerability
                • ClearSCADA 2010 - see disclosure
                • SCADA Expert ClearSCADA 2013 - see disclosure
                SEVD 2013-339-01 
                13/09/2013 StruxureWare SCADA
                Expert ClearSCADA Software
                Incorrect Handling of Web Requests
                • SCADA Expert ClearSCADA 2013 R1
                • SCADA Expert ClearSCADA 2013 R1.1
                • SCADA Expert ClearSCADA 2013 R1.1a
                SEVD 2013-213-01 
                23/08/2013 OPC Factory Server (OFS) XML External Entity OFS v3.40 and all previous versions SEVD 2013-235-01 
                08/08/2013 Trio Radio AES Encryption Key Generation Trio J Series License Free Ethernet Radio V3.6.0, V3.6.1, V3.6.2 and V3.6.3 SEVD-2013-143-01 
                31/07/2013 Many - see disclosure Default Passwords Many - see disclosure SEVD 2013-212-01 
                16/07/2013 Vijeo Citect
                Citect SCADA
                Power Logic SCADA
                XML External Entity
                • Vijeo Citect v7.2 and previous
                • Citect SCADA v7.2 and previous
                • PowerLogic SCADA v7.2 and previous
                SEVD 2013-197-01 
                06/06/2013 See disclosure Microsoft Common Controls See disclosure SEVD 2013-157-01 
                11/04/2013 Citect SCADA
                Citect Facilities
                Buffer Overflow affecting Mitsubishi MX Component v3 Trial provided on Distribution Disk
                • Citect SCADA v7.0
                • Citect Facilities v7.1
                08/04/2013 MiCOM S1 Studio Software Read/Write access to executables in the Program Files directory MiCOM S1 Studio Software, all versions
                11/03/2013 Modbus Serial Driver Buffer Overflow
                • TwidoSuite,
                • PowerSuite,
                • SoMove,
                • SoMachine,
                • Unity Pro,
                • Unity Loader,
                • OFS,
                • PL7,
                • Concept
                25/02/2013 TAC I/A G3 Series SW Directory Traversal TAC I/A G3 ver. 3.5 and 3.6
                23/01/2013 Quantum,
                M340 PLC Communication Modules
                Multiple vulnerabilities See SEVD 2013-023-01 for affected products
                21/01/2013 Accutech Manager Software Tool Heap Overflow Accutech Manager SW v2.00.1 and older
                17/01/2013 PacDrive M,
                LMC 10/20,
                Altivar ATV-IC
                Unauthorized Access to User Functions See SEVD 2013-017-01 for affected products
                10/01/2013 IGSS Buffer Overflow
                • IGSS V9
                • IGSS V10
                09/01/2013 Schneider Electric Software Update (SESU) Utility Non-signed client/server communication
                • IDS
                • PowerSuite
                • Smart Widget
                • SoMachine
                • Unity Pro
                • Vijeo Designer
                • Web Gate Client Files
                06/12/2012 EzyLog Monitor Multiple Vulnerabilities EzyLog Monitor, P/N PVSNVLOG all versions
                17/09/2012 NMC Device IP Wizard
                Netbotz Advanced View
                PowerChute Network Shutdown
                PowerChute Business Edition
                StruxureWare Data Center Expert
                StruxureWare Operations
                Java Vulnerability
                • NMC Device IP Wizard (Java Ver 7)
                • Netbotz Advanced View (Java Ver 6)
                • PowerChute Network Shutdown (Java Ver 6)
                • PowerChute Business Edition (Java Ver 6)
                • StruxureWare Data Center Expert (Java Ver 6)
                • StruxureWare Operations (Java Ver 6)
                 FA162073 (pdf file, 152Kb)
                17/08/2012 TAC I/A Series G3 Software Multiple vulnerabilities All current versions of TAC I/A Series G3 Software
                17/02/2012 AQUIS DLL Hijacking AQUIS V1.5 and any previous version
                 AQUIS Patch (exe file, 163Mb)
                17/02/2012 TERMIS DLL Hijacking TERMIS V2.10 and any previous version
                TERMIS Patch (exe file, 175Mb)
                16/02/2012 Quantum PLC Metasploit tools to exploit HTTP user/PW information All RES207443 
                16/01/2012 IGSS IGSS DLL Hijacking All versions prior to V9.0.0.11291 IGSS v9 Program Updates (zip, 25Mb)
                12/01/2012 Quantum PLC
                Premium PLC
                M340 PLC
                Advantys STB DIO
                Multiple vulnerabilities See Resolution 206895 RES206895 
                12/01/2012 Quantum PLC
                Premium PLC
                Multiple vulnerabilities See Resolutions 207378 and 297906 RES207378 and RES297906 
                21/12/2011 IGSS IGSS Buffer Overflow v9.0.0.11355 and previous IGSS v9 Program Updates (zip, 25Mb)
                20/12/2011 IGSS Data Server Denial of Service and Buffer Overflow v9.0.0.11200 and previous IGSS v9 Program Updates (zip, 25Mb)
                12/12/2011 ION Power Meters and ION Setup SW Remote factory-level access
                • ION 7500/7600/8300/
                  8400/8500 all versions
                • ION 7550/7650 prior to v371
                • ION 8600 prior to v335
                • ION 8650 prior to v403
                • ION 8800 prior to v340
                • ION Setup SW prior to v3.0
                ION Meter Information
                ION 7550 Patch
                ION 7650 Patch
                ION 8600 Patch
                ION 8650 Patch
                ION 8800 Patch
                ION Setup SW
                11/12/2011 IGSS and Safenet Sentinel HASP Input sanitization
                • HASP SDK prior to v5.11
                • HASP run-time prior to v6.x
                • IGSS V7
                Sentinel updates 
                07/12/2011 PowerChute Cross-site Scripting (XSS) PowerChute Business Edition (prior to v8.5) PowerChute Information
                28/11/2011 Vijeo Historian
                Citect Historian
                Citect SCADA Reports
                Web Server multiple vulnerabilities
                • Vijeo Historian v4.3 and previous
                • Citect Historian v4.3 and previous
                • Citect SCADA Reports v4.1 and previous
                Citect Information and Patch 
                08/11/2011 Citect SCADA and Mitsubishi MX4 SCADA Batch Server Buffer overflow
                • CitectSCADA V7.10 and prior using the CitectSCADA Batch Server module
                • Mitsubishi MX4 SCADA V7.10 and prior using the MX4 SCADA Batch module
                Citect Information 
                20/10/2011 Unity Pro
                OPC Factory Server
                Vijeo Citect
                Telemecanique Driver Pack Monitor Pro
                PL7 Pro
                Unitelway Device Driver Buffer Overflow
                • Unity Pro v6 and previous
                • OPC Factory Server v3.34 and previous
                • Vijeo Citect v7.2 and previous
                • Telemecanique Driver Pack v2.6 and previous
                • Monitor Pro v7.6 and previous
                • PL7 Pro v4.5 and previous
                OFS Information and Patch 
                25/08/2011 ClearSCADA
                Remote Authentication Bypass
                • ClearSCADA 2010 R1.0
                • ClearSCADA 2009
                • ClearSCADA 2007
                • ClearSCADA 2005
                • SCX Version 6.69 R1 and earlier
                • SCX Version 6.68 and earlier
                • SCX Version 6.67 and earlier
                ClearSCADA and SCX6 Information and Patch 
                08/07/2011 IGSS ODBC Remote Memory Corruption IGSS prior to ver 9.11143 IGSS v9 Program Updates (zip, 25Mb)
                06/06/2011 IGSS IGSS Denial of Service Prior to v7.10033 IGSS v7 Program Updates (zip, 10Mb)
                06/06/2011 IGSS IGSS Denial of Service Prior to v8.11102 IGSS v8 program updates (zip, 18Mb)
                06/06/2011 IGSS IGSS Denial of Service Prior to v9.11143 IGSS v9 Program Updates (zip, 25Mb)
                06/05/2011 IGSS Multiple vulnerabilities Prior to ver
                IGSS v9 Program Updates (zip, 25Mb)
                29/04/2011 IGSS Remote stack overflow IGSS ver. 9 and all previous versions IGSS Program Updates 
                21/03/2011 IGSS Multiple vulnerabilities IGSS ver and previous IGSS Program Updates 
                16/02/2011 ClearSCADA Multiple Vulnerabilities
                • ClearSCADA 2005 (all versions)
                • ClearSCADA 2007 (all versions)
                • ClearSCADA 2009 (all versions)
                ClearSCADA Information and Patch 
                08/02/2011 IGSS ODBC Server Remote Heap Corruption IGSS vers. 8 & 9 IGSS Program Updates 
                To know more

                To know more 

                Watch our video

                Watch our video

                Download our white paper


                Product security information