Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
PT-2018-21: Buffer Overflow in Schneider Electric's Modicon Premium, Modicon Quantum, and Modicon M340
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-20: Arbitrary Code Execution in Schneider Electric's BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-19: Authorization Bypass in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
PT-2018-18: Buffer Overflow in Schneider Electric's Modicon Premium, Modicon Quantum, and Modicon M340
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-17: Information Disclosure in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-16: Hardcoded Accounts in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
PT-2018-15: Arbitrary Code Execution in Schneider Electric's Modicon Quantum
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.0) (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-14: Buffer Overflow in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
High (9.1) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
PT-2018-13: Command Injection in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
PT-2018-12: Information Disclosure in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
High (8.1) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-11: Buffer Overflow in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-10: Server-Side Request Forgery in Ipswitch WhatsUp Gold
Fix date: March 7, 2018
Vector: Remote
Systems affected: Ipswitch WhatsUp Gold 17.x
Vendor: Ipswitch
Notification status: 21.04.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
22.08.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-09: Code Injection in Ipswitch WhatsUp Gold
Fix date: March 7, 2018
Vector: Remote
Systems affected: Ipswitch WhatsUp Gold 17.x
Vendor: Ipswitch
Notification status: 21.04.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
22.08.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-08: SQL injection in Ipswitch WhatsUp Gold
Fix date: July 22, 2017
Vector: Remote
Systems affected: Ipswitch WhatsUp Gold 17.x
Vendor: Ipswitch
Notification status: 21.04.2017 - Vendor gets vulnerability details
22.07.2017 - Vendor releases fixed version and details
28.04.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-07: Arbitrary Command Execution in Ipswitch WhatsUp Gold
Fix date: July 22, 2017
Vector: Remote
Systems affected: Ipswitch WhatsUp Gold 17.x
Vendor: Ipswitch
Notification status: 21.04.2017 - Vendor gets vulnerability details
22.07.2017 - Vendor releases fixed version and details
28.04.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-06: Authentication Bypass in Hirschmann Automation and Control GmbH Classic Platform Switches
Fix date: March 6, 2018
Vector: Remote
Systems affected: RSR
RS
RSB
MACH100
MACH1000
MACH4000
OCTOPUS
MS
Vendor: Hirschmann
Notification status: 16.03.2017 - Vendor gets vulnerability details
06.03.2018 - Vendor releases fixed version and details
28.04.2018 - Public disclosure
High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
PT-2018-05: Unauthorized Firmware Modification in Siemens EN100 Ethernet modules
Fix date: March 8, 2018
Vector: Remote
Systems affected: EN100 Ethernet module IEC 61850 variant
EN100 Ethernet module PROFINET IO variant
EN100 Ethernet module Modbus TCP variant
EN100 Ethernet module DNP3 variant
EN100 Ethernet module IEC 104 variant
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
08.03.2018 - Vendor releases fixed version and details
30.03.2018 - Public disclosure
High (9.0) (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-04: Sensitive Information Disclosure in Siemens SIPROTEC 4 and SIPROTEC Compact relays
Fix date: March 8, 2018
Vector: Remote
Systems affected: SIPROTEC 4 7SJ66
SIPROTEC Compact 7SK80
SIPROTEC Compact 7SJ80
SIPROTEC Compact
SIPROTEC 4
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
08.03.2018 - Vendor releases fixed version and details
30.03.2018 - Public disclosure
High (10) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-03: Control Takeover in Siemens DIGSI 4 and EN100 Ethernet modules
Fix date: March 8, 2018
Vector: Remote
Systems affected: DIGSI 4
EN100 Ethernet module IEC 61850 variant
EN100 Ethernet module PROFINET IO variant
EN100 Ethernet module DNP3 variant
EN100 Ethernet module IEC 104 variant
Vendor: Siemens
Notification status: 17.12.2015 - Vendor gets vulnerability details
08.03.2018 - Vendor releases fixed version and details
30.03.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-02: Improper Authorization in PHOENIX CONTACT FL SWITCH
Fix date: January 11, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 02.08.2017 - Vendor gets vulnerability details
11.01.2018 - Vendor releases fixed version and details
22.01.2018 - Public disclosure
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice