Select your country/region in the menu or by clicking on the world map *
Country Selector Alternate Image
Support
                   
                   
                   

                  Vulnerabilities

                   
                   
                  Date (dd/mm/yyyy) Product Description Products and versions affected Links to Information
                  30/06/2015 OPC Factory Server (OFS)
                  DLL Hijacking OFS V3.5 and previous SEVD-2015-181-01 
                  23/06/2015 Wonderware InTouch, AppServer, Historian, SuiteLink
                  Binary Planting Wonderware System Platform 2014 R2 and earlier LFSEC00000106 
                  23/06/2015 PowerChute Business Edition
                  Cross Site Scripting PCBE Agent V9.0.3 FA247020 
                  11/06/2015 SAGE RTU
                  TCP Sequence Number Predictability See disclosure SEVD-2015-162-01 
                  13/05/2015 OPC Factory Server (OFS)
                  DLL Hijacking V3.5 and all previous versions SEVD-2015-133-01 
                  10/04/2015 InduSoft Web Studio
                  Cleartext Project Window Password Storage 7.1.3.4 and all previous versions SEVD-2015-100-01 
                  25/03/2015 VAMPSET Software
                  Buffer Overflow 2.2.145 and all previous versions SEVD-2015-084-01 
                  06/03/2015 Pelco DS-NVs Video Management Software
                  Buffer Overflow 7.6.32 and all previous versions SEVD-2015-065-01 
                  23/02/2015 InduSoft Web Studio
                  Multiple Vulnerabilities 7.1.3.2 and all previous versions SEVD-2015-054-01 
                  23/02/2015 InTouch Machine Edition 2014
                  Multiple Vulnerabilities 7.1.3.2 and all previous versions SEVD-2015-054-02 
                  20/02/2015 DTM Software for SRD 960 and SRD 991 Control Valve Positioners
                  Stack Buffer Overflow 3.1.6 and all previous versions SEVD-2015-050-01 
                  09/01/2015 SoMove, Unity, SoMachine
                  Insecure DLL in FDT1 DTM Setup See attached SEVD-2015-009-01 
                  08/01/2015 ETG 3000 FactoryCast Gateway
                  Multiple Vulnerabilities
                  • TSXETG3000 all versions
                  • TSXETG3010 all versions
                  • TSXETG3021 all versions
                  • TSXETG3022 all versions
                  SEVD-2015-008-01 
                  19/12/2014 Wonderware InTouch Access Anywhere Server
                  Stack-based Buffer Overflow See attached LFSEC00000104 
                  12/12/2014 APC Products
                  POODLE SSL V3 Vulnerability Multiple Products FA236744 
                  10/12/2014 ProClima Software
                  ActiveX Control Vulnerability ProClima V6.0.1 and previous SEVD 2014-344-01 
                  30/10/2014 APC Products
                  Shellshock - Bash Utility Vulnerability Multiple Products FA234833 
                  16/09/2014 Modicon PLC Ethernet Comm Modules
                  Authentication Bypass on Web Server Many products affected - see disclosure for more details SEVD-2014-260-01 
                  04/09/2014 VAMPSET Software
                  Software halt VAMPSET V2.2.136 and previous SEVD 2014-247-01 
                  29/08/2014 SCADA Expert ClearSCADA
                  Weak Self-signed Certificate SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-02 
                  29/08/2014 SCADA Expert ClearSCADA
                  Multiple Vulnerabilities SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-01A 
                  18/08/2014 Wonderware Information Server
                  Multiple Vulnerabilities Wonderware Information Server, V5.5 and all versions prior (see disclosure for details) LFSEC00000102 
                  30/04/2014 See disclosure
                  HeartBleed - OpenSSL Heartbeat vulnerability See disclosure SEVD 2014-119-01 
                  25/03/2014 OPC Factory Server
                  Buffer Overflow OFS v3.5 and previous SEVD 2014-084-01 
                  31/01/2014 OPC Factory Server
                  Buffer Overflow in C++ Sample Code OPC Factory Server V3.35 and previous SEVD 2014-031-01 
                  24/01/2014 SCADA Expert Vijeo Citect
                  Vijeo Citect
                  CitectSCADA
                  PowerSCADA Expert
                  PowerLogic SCADA
                  Unhandled Exception
                  • StruxureWare SCADA Expert Vijeo Citect v7.40
                  • Vijeo Citect v7.20 to v7.30SP1
                  • CitectSCADA v7.20 to v7.30SP1
                  • StruxureWare PowerSCADA Expert v7.30 to v7.30SR1
                  • PowerLogic SCADA v7.20 to v7.20SR1
                  SEVD 2014-024-02 
                  24/01/2014 SCADA Expert ClearSCADA
                  File Parsing
                  • ClearSCADA 2010 R3.1 or previous
                  • SCADA Expert ClearSCADA R2 or previous
                  SEVD 2014-024-01 
                  15/01/2014 Floating License Manager
                  Unquoted Service Path Versions 1.0.0 to 1.4.0 SEVD 2014-015-01 
                  30/12/2013 Sage 3030 RTU
                  Improper DNP3 Input Validation
                  • SAGE 3030 C3413-500-001D3_P4
                  • SAGE 3030 C3413-500-001F0_PB
                  SEVD 2013-364-01 
                  18/12/2013 Accutech Manager Configuration Software
                  SQL Injection All versions prior to 2.00.4 SEVD 2013-352-01 
                  11/12/2013 SCADAPack 33x, 35x
                  VxWorks Debug Port
                  • SCADAPack 33x V1.71 or previous
                  • SCADAPack 35x V1.71 or previous
                  SEVD 2013-345-01 
                  10/12/2013 SUI Software
                  Buffer Overflow
                  • SUI V1.1 RC6
                  • SUI V1.1 RC7
                  SEVD 2013-344-01 
                  05/12/2013 SCADA Expert ClearSCADA Software
                  DNP3 Driver Fuzzing Vulnerability
                  • ClearSCADA 2010 - see disclosure
                  • SCADA Expert ClearSCADA 2013 - see disclosure
                  SEVD 2013-339-01 
                  13/09/2013 StruxureWare SCADA
                  Expert ClearSCADA Software
                  Incorrect Handling of Web Requests
                  • SCADA Expert ClearSCADA 2013 R1
                  • SCADA Expert ClearSCADA 2013 R1.1
                  • SCADA Expert ClearSCADA 2013 R1.1a
                  SEVD 2013-213-01 
                  23/08/2013 OPC Factory Server (OFS) XML External Entity OFS v3.40 and all previous versions SEVD 2013-235-01 
                  08/08/2013 Trio Radio AES Encryption Key Generation Trio J Series License Free Ethernet Radio V3.6.0, V3.6.1, V3.6.2 and V3.6.3 SEVD-2013-143-01 
                  31/07/2013 Many - see disclosure Default Passwords Many - see disclosure SEVD 2013-212-01 
                  16/07/2013 Vijeo Citect
                  Citect SCADA
                  Power Logic SCADA
                  XML External Entity
                  • Vijeo Citect v7.2 and previous
                  • Citect SCADA v7.2 and previous
                  • PowerLogic SCADA v7.2 and previous
                  SEVD 2013-197-01 
                  06/06/2013 See disclosure Microsoft Common Controls See disclosure SEVD 2013-157-01 
                  11/04/2013 Citect SCADA
                  Citect Facilities
                  Buffer Overflow affecting Mitsubishi MX Component v3 Trial provided on Distribution Disk
                  • Citect SCADA v7.0
                  • Citect Facilities v7.1
                  SEVD-2013-101-01 
                  08/04/2013 MiCOM S1 Studio Software Read/Write access to executables in the Program Files directory MiCOM S1 Studio Software, all versions
                  11/03/2013 Modbus Serial Driver Buffer Overflow
                  • TwidoSuite,
                  • PowerSuite,
                  • SoMove,
                  • SoMachine,
                  • Unity Pro,
                  • Unity Loader,
                  • OFS,
                  • PL7,
                  • Concept
                  25/02/2013 TAC I/A G3 Series SW Directory Traversal TAC I/A G3 ver. 3.5 and 3.6
                  23/01/2013 Quantum,
                  Premium,
                  M340 PLC Communication Modules
                  Multiple vulnerabilities See SEVD 2013-023-01 for affected products
                  21/01/2013 Accutech Manager Software Tool Heap Overflow Accutech Manager SW v2.00.1 and older
                  17/01/2013 PacDrive M,
                  LMC 10/20,
                  BLC3,
                  BLM3,
                  BLS,
                  TLM,
                  TLC,
                  TLCC,
                  ATV-CI,
                  SMC,
                  Altivar ATV-IC
                  Unauthorized Access to User Functions See SEVD 2013-017-01 for affected products
                  10/01/2013 IGSS Buffer Overflow
                  • IGSS V9
                  • IGSS V10
                  09/01/2013 Schneider Electric Software Update (SESU) Utility Non-signed client/server communication
                  • IDS
                  • PowerSuite
                  • Smart Widget
                  • SoMachine
                  • Spacial.pro
                  • Unity Pro
                  • Vijeo Designer
                  • Web Gate Client Files
                  06/12/2012 EzyLog Monitor Multiple Vulnerabilities EzyLog Monitor, P/N PVSNVLOG all versions
                  17/09/2012 NMC Device IP Wizard
                  Netbotz Advanced View
                  PowerChute Network Shutdown
                  PowerChute Business Edition
                  StruxureWare Data Center Expert
                  StruxureWare Operations
                  Java Vulnerability
                  • NMC Device IP Wizard (Java Ver 7)
                  • Netbotz Advanced View (Java Ver 6)
                  • PowerChute Network Shutdown (Java Ver 6)
                  • PowerChute Business Edition (Java Ver 6)
                  • StruxureWare Data Center Expert (Java Ver 6)
                  • StruxureWare Operations (Java Ver 6)
                   FA162073 (pdf file, 152Kb)
                  17/08/2012 TAC I/A Series G3 Software Multiple vulnerabilities All current versions of TAC I/A Series G3 Software
                  17/02/2012 AQUIS DLL Hijacking AQUIS V1.5 and any previous version
                   AQUIS Patch (exe file, 163Mb)
                  17/02/2012 TERMIS DLL Hijacking TERMIS V2.10 and any previous version
                  TERMIS Patch (exe file, 175Mb)
                  16/02/2012 Quantum PLC Metasploit tools to exploit HTTP user/PW information All RES207443 
                  16/01/2012 IGSS IGSS DLL Hijacking All versions prior to V9.0.0.11291 IGSS v9 Program Updates (zip, 25Mb)
                  12/01/2012 Quantum PLC
                  Premium PLC
                  M340 PLC
                  Advantys STB DIO
                  Multiple vulnerabilities See Resolution 206895 RES206895 
                  12/01/2012 Quantum PLC
                  Premium PLC
                  Multiple vulnerabilities See Resolutions 207378 and 297906 RES207378 and RES297906 
                  21/12/2011 IGSS IGSS Buffer Overflow v9.0.0.11355 and previous IGSS v9 Program Updates (zip, 25Mb)
                  20/12/2011 IGSS Data Server Denial of Service and Buffer Overflow v9.0.0.11200 and previous IGSS v9 Program Updates (zip, 25Mb)
                  12/12/2011 ION Power Meters and ION Setup SW Remote factory-level access
                  • ION 7500/7600/8300/
                    8400/8500 all versions
                  • ION 7550/7650 prior to v371
                  • ION 8600 prior to v335
                  • ION 8650 prior to v403
                  • ION 8800 prior to v340
                  • ION Setup SW prior to v3.0
                  ION Meter Information
                  ION 7550 Patch
                  ION 7650 Patch
                  ION 8600 Patch
                  ION 8650 Patch
                  ION 8800 Patch
                  ION Setup SW
                  11/12/2011 IGSS and Safenet Sentinel HASP Input sanitization
                  • HASP SDK prior to v5.11
                  • HASP run-time prior to v6.x
                  • IGSS V7
                  Sentinel updates 
                  07/12/2011 PowerChute Cross-site Scripting (XSS) PowerChute Business Edition (prior to v8.5) PowerChute Information
                  28/11/2011 Vijeo Historian
                  Citect Historian
                  Citect SCADA Reports
                  Web Server multiple vulnerabilities
                  • Vijeo Historian v4.3 and previous
                  • Citect Historian v4.3 and previous
                  • Citect SCADA Reports v4.1 and previous
                  Citect Information and Patch 
                  08/11/2011 Citect SCADA and Mitsubishi MX4 SCADA Batch Server Buffer overflow
                  • CitectSCADA V7.10 and prior using the CitectSCADA Batch Server module
                  • Mitsubishi MX4 SCADA V7.10 and prior using the MX4 SCADA Batch module
                  Citect Information 
                  20/10/2011 Unity Pro
                  OPC Factory Server
                  Vijeo Citect
                  Telemecanique Driver Pack Monitor Pro
                  PL7 Pro
                  Unitelway Device Driver Buffer Overflow
                  • Unity Pro v6 and previous
                  • OPC Factory Server v3.34 and previous
                  • Vijeo Citect v7.2 and previous
                  • Telemecanique Driver Pack v2.6 and previous
                  • Monitor Pro v7.6 and previous
                  • PL7 Pro v4.5 and previous
                  OFS Information and Patch 
                  25/08/2011 ClearSCADA
                  SCX6
                  Remote Authentication Bypass
                  • ClearSCADA 2010 R1.0
                  • ClearSCADA 2009
                  • ClearSCADA 2007
                  • ClearSCADA 2005
                  • SCX Version 6.69 R1 and earlier
                  • SCX Version 6.68 and earlier
                  • SCX Version 6.67 and earlier
                  ClearSCADA and SCX6 Information and Patch 
                  08/07/2011 IGSS ODBC Remote Memory Corruption IGSS prior to ver 9.11143 IGSS v9 Program Updates (zip, 25Mb)
                  06/06/2011 IGSS IGSS Denial of Service Prior to v7.10033 IGSS v7 Program Updates (zip, 10Mb)
                  06/06/2011 IGSS IGSS Denial of Service Prior to v8.11102 IGSS v8 program updates (zip, 18Mb)
                  06/06/2011 IGSS IGSS Denial of Service Prior to v9.11143 IGSS v9 Program Updates (zip, 25Mb)
                  06/05/2011 IGSS Multiple vulnerabilities Prior to ver 9.0.0.11083
                  IGSS v9 Program Updates (zip, 25Mb)
                  29/04/2011 IGSS Remote stack overflow IGSS ver. 9 and all previous versions IGSS Program Updates 
                  21/03/2011 IGSS Multiple vulnerabilities IGSS ver 9.00.00.1 and previous IGSS Program Updates 
                  16/02/2011 ClearSCADA Multiple Vulnerabilities
                  • ClearSCADA 2005 (all versions)
                  • ClearSCADA 2007 (all versions)
                  • ClearSCADA 2009 (all versions)
                  ClearSCADA Information and Patch 
                  08/02/2011 IGSS ODBC Server Remote Heap Corruption IGSS vers. 8 & 9 IGSS Program Updates 
                    
                   
                  To know more

                  To know more 

                  Watch our video

                  Watch our video
                   

                  Download our white paper

                   

                  Product security information