Select your country/region in the menu or by clicking on the world map *
Country Selector Alternate Image
Support
           
           
           

          Vulnerabilities

           
           
          Date (dd/mm/yyyy) Product Description Products and versions affected Links to Information
          16/09/2014 Modicon PLC Ethernet Comm Modules
          Authentication Bypass on Web Server Many products affected - see disclosure for more details SEVD-2014-260-01 
          04/09/2014 VAMPSET Software
          Software halt VAMPSET V2.2.136 and previous SEVD 2014-247-01 
          29/08/2014 SCADA Expert ClearSCADA
          Weak Self-signed Certificate SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-02 
          29/08/2014 SCADA Expert ClearSCADA
          Multiple Vulnerabilities SCADA Expert ClearSCADA, all versions prior to September 2014 (see disclosure for details) SEVD 2014-241-01 
          18/08/2014 Wonderware Information Server
          Multiple Vulnerabilities Winderware Information Server, V5.5 and all versions prior (see disclosure for details) LFSEC00000102 
          30/04/2014 See disclosure
          HeartBleed - OpenSSL Heartbeat vulnerability See disclosure SEVD 2014-119-01 
          25/03/2014 OPC Factory Server
          Buffer Overflow OFS v3.5 and previous SEVD 2014-084-01 
          31/01/2014 OPC Factory Server
          Buffer Overflow in C++ Sample Code OPC Factory Server V3.35 and previous SEVD 2014-031-01 
          24/01/2014 SCADA Expert Vijeo Citect
          Vijeo Citect
          CitectSCADA
          PowerSCADA Expert
          PowerLogic SCADA
          Unhandled Exception
          • StruxureWare SCADA Expert Vijeo Citect v7.40
          • Vijeo Citect v7.20 to v7.30SP1
          • CitectSCADA v7.20 to v7.30SP1
          • StruxureWare PowerSCADA Expert v7.30 to v7.30SR1
          • PowerLogic SCADA v7.20 to v7.20SR1
          SEVD 2014-024-02 
          24/01/2014 SCADA Expert ClearSCADA
          File Parsing
          • ClearSCADA 2010 R3.1 or previous
          • SCADA Expert ClearSCADA R2 or previous
          SEVD 2014-024-01 
          15/01/2014 Floating License Manager
          Unquoted Service Path Versions 1.0.0 to 1.4.0 SEVD 2014-015-01 
          30/12/2013 Sage 3030 RTU
          Improper DNP3 Input Validation
          • SAGE 3030 C3413-500-001D3_P4
          • SAGE 3030 C3413-500-001F0_PB
          SEVD 2013-364-01 
          18/12/2013 Accutech Manager Configuration Software
          SQL Injection All versions prior to 2.00.4 SEVD 2013-352-01 
          11/12/2013 SCADAPack 33x, 35x
          VxWorks Debug Port
          • SCADAPack 33x V1.71 or previous
          • SCADAPack 35x V1.71 or previous
          SEVD 2013-345-01 
          10/12/2013 SUI Software
          Buffer Overflow
          • SUI V1.1 RC6
          • SUI V1.1 RC7
          SEVD 2013-344-01 
          05/12/2013 SCADA Expert ClearSCADA Software
          DNP3 Driver Fuzzing Vulnerability
          • ClearSCADA 2010 - see disclosure
          • SCADA Expert ClearSCADA 2013 - see disclosure
          SEVD 2013-339-01 
          13/09/2013 StruxureWare SCADA
          Expert ClearSCADA Software
          Incorrect Handling of Web Requests
          • SCADA Expert ClearSCADA 2013 R1
          • SCADA Expert ClearSCADA 2013 R1.1
          • SCADA Expert ClearSCADA 2013 R1.1a
          SEVD 2013-213-01 
          23/08/2013 OPC Factory Server (OFS) XML External Entity OFS v3.40 and all previous versions SEVD 2013-235-01 
          08/08/2013 Trio Radio AES Encryption Key Generation Trio J Series License Free Ethernet Radio V3.6.0, V3.6.1, V3.6.2 and V3.6.3 SEVD-2013-143-01 
          31/07/2013 Many - see disclosure Default Passwords Many - see disclosure SEVD 2013-212-01 
          16/07/2013 Vijeo Citect
          Citect SCADA
          Power Logic SCADA
          XML External Entity
          • Vijeo Citect v7.2 and previous
          • Citect SCADA v7.2 and previous
          • PowerLogic SCADA v7.2 and previous
          SEVD 2013-197-01 
          06/06/2013 See disclosure Microsoft Common Controls See disclosure SEVD 2013-157-01 
          11/04/2013 Citect SCADA
          Citect Facilities
          Buffer Overflow affecting Mitsubishi MX Component v3 Trial provided on Distribution Disk
          • Citect SCADA v7.0
          • Citect Facilities v7.1
          SEVD-2013-101-01 
          08/04/2013 MiCOM S1 Studio Software Read/Write access to executables in the Program Files directory MiCOM S1 Studio Software, all versions
          11/03/2013 Modbus Serial Driver Buffer Overflow
          • TwidoSuite,
          • PowerSuite,
          • SoMove,
          • SoMachine,
          • Unity Pro,
          • Unity Loader,
          • OFS,
          • PL7,
          • Concept
          25/02/2013 TAC I/A G3 Series SW Directory Traversal TAC I/A G3 ver. 3.5 and 3.6
          23/01/2013 Quantum,
          Premium,
          M340 PLC Communication Modules
          Multiple vulnerabilities See SEVD 2013-023-01 for affected products
          21/01/2013 Accutech Manager Software Tool Heap Overflow Accutech Manager SW v2.00.1 and older
          17/01/2013 PacDrive M,
          LMC 10/20,
          BLC3,
          BLM3,
          BLS,
          TLM,
          TLC,
          TLCC,
          ATV-CI,
          SMC,
          Altivar ATV-IC
          Unauthorized Access to User Functions See SEVD 2013-017-01 for affected products
          10/01/2013 IGSS Buffer Overflow
          • IGSS V9
          • IGSS V10
          09/01/2013 Schneider Electric Software Update (SESU) Utility Non-signed client/server communication
          • IDS
          • PowerSuite
          • Smart Widget
          • SoMachine
          • Spacial.pro
          • Unity Pro
          • Vijeo Designer
          • Web Gate Client Files
          06/12/2012 EzyLog Monitor Multiple Vulnerabilities EzyLog Monitor, P/N PVSNVLOG all versions
          17/09/2012 NMC Device IP Wizard
          Netbotz Advanced View
          PowerChute Network Shutdown
          PowerChute Business Edition
          StruxureWare Data Center Expert
          StruxureWare Operations
          Java Vulnerability
          • NMC Device IP Wizard (Java Ver 7)
          • Netbotz Advanced View (Java Ver 6)
          • PowerChute Network Shutdown (Java Ver 6)
          • PowerChute Business Edition (Java Ver 6)
          • StruxureWare Data Center Expert (Java Ver 6)
          • StruxureWare Operations (Java Ver 6)
           FA162073 (pdf file, 152Kb)
          17/08/2012 TAC I/A Series G3 Software Multiple vulnerabilities All current versions of TAC I/A Series G3 Software
          17/02/2012 AQUIS DLL Hijacking AQUIS V1.5 and any previous version
           AQUIS Patch (exe file, 163Mb)
          17/02/2012 TERMIS DLL Hijacking TERMIS V2.10 and any previous version
          TERMIS Patch (exe file, 175Mb)
          16/02/2012 Quantum PLC Metasploit tools to exploit HTTP user/PW information All RES207443 
          16/01/2012 IGSS IGSS DLL Hijacking All versions prior to V9.0.0.11291 IGSS v9 Program Updates (zip, 25Mb)
          12/01/2012 Quantum PLC
          Premium PLC
          M340 PLC
          Advantys STB DIO
          Multiple vulnerabilities See Resolution 206895 RES206895 
          12/01/2012 Quantum PLC
          Premium PLC
          Multiple vulnerabilities See Resolutions 207378 and 297906 RES207378 and RES297906 
          21/12/2011 IGSS IGSS Buffer Overflow v9.0.0.11355 and previous IGSS v9 Program Updates (zip, 25Mb)
          20/12/2011 IGSS Data Server Denial of Service and Buffer Overflow v9.0.0.11200 and previous IGSS v9 Program Updates (zip, 25Mb)
          12/12/2011 ION Power Meters and ION Setup SW Remote factory-level access
          • ION 7500/7600/8300/
            8400/8500 all versions
          • ION 7550/7650 prior to v371
          • ION 8600 prior to v335
          • ION 8650 prior to v403
          • ION 8800 prior to v340
          • ION Setup SW prior to v3.0
          ION Meter Information
          ION 7550 Patch
          ION 7650 Patch
          ION 8600 Patch
          ION 8650 Patch
          ION 8800 Patch
          ION Setup SW
          11/12/2011 IGSS and Safenet Sentinel HASP Input sanitization
          • HASP SDK prior to v5.11
          • HASP run-time prior to v6.x
          • IGSS V7
          Sentinel updates 
          07/12/2011 PowerChute Cross-site Scripting (XSS) PowerChute Business Edition (prior to v8.5) PowerChute Information
          28/11/2011 Vijeo Historian
          Citect Historian
          Citect SCADA Reports
          Web Server multiple vulnerabilities
          • Vijeo Historian v4.3 and previous
          • Citect Historian v4.3 and previous
          • Citect SCADA Reports v4.1 and previous
          Citect Information and Patch 
          08/11/2011 Citect SCADA and Mitsubishi MX4 SCADA Batch Server Buffer overflow
          • CitectSCADA V7.10 and prior using the CitectSCADA Batch Server module
          • Mitsubishi MX4 SCADA V7.10 and prior using the MX4 SCADA Batch module
          Citect Information 
          20/10/2011 Unity Pro
          OPC Factory Server
          Vijeo Citect
          Telemecanique Driver Pack Monitor Pro
          PL7 Pro
          Unitelway Device Driver Buffer Overflow
          • Unity Pro v6 and previous
          • OPC Factory Server v3.34 and previous
          • Vijeo Citect v7.2 and previous
          • Telemecanique Driver Pack v2.6 and previous
          • Monitor Pro v7.6 and previous
          • PL7 Pro v4.5 and previous
          OFS Information and Patch 
          25/08/2011 ClearSCADA
          SCX6
          Remote Authentication Bypass
          • ClearSCADA 2010 R1.0
          • ClearSCADA 2009
          • ClearSCADA 2007
          • ClearSCADA 2005
          • SCX Version 6.69 R1 and earlier
          • SCX Version 6.68 and earlier
          • SCX Version 6.67 and earlier
          ClearSCADA and SCX6 Information and Patch 
          08/07/2011 IGSS ODBC Remote Memory Corruption IGSS prior to ver 9.11143 IGSS v9 Program Updates (zip, 25Mb)
          06/06/2011 IGSS IGSS Denial of Service Prior to v7.10033 IGSS v7 Program Updates (zip, 10Mb)
          06/06/2011 IGSS IGSS Denial of Service Prior to v8.11102 IGSS v8 program updates (zip, 18Mb)
          06/06/2011 IGSS IGSS Denial of Service Prior to v9.11143 IGSS v9 Program Updates (zip, 25Mb)
          06/05/2011 IGSS Multiple vulnerabilities Prior to ver 9.0.0.11083
          IGSS v9 Program Updates (zip, 25Mb)
          29/04/2011 IGSS Remote stack overflow IGSS ver. 9 and all previous versions IGSS Program Updates 
          21/03/2011 IGSS Multiple vulnerabilities IGSS ver 9.00.00.1 and previous IGSS Program Updates 
          16/02/2011 ClearSCADA Multiple Vulnerabilities
          • ClearSCADA 2005 (all versions)
          • ClearSCADA 2007 (all versions)
          • ClearSCADA 2009 (all versions)
          ClearSCADA Information and Patch 
          08/02/2011 IGSS ODBC Server Remote Heap Corruption IGSS vers. 8 & 9 IGSS Program Updates 
            
           
          To know more

          To know more 

          Watch our video

          Watch our video
           

          Download our white paper

           

          Product security information