75
Total CVE
14
Critical
59
High
2
Medium
8.4
Avg CVSS
27
Vendors
Min CVSS:0.0
Showing 75/75 · watch 0
| CVE | Vendor / Product | CVSS | Sev | Year | Summary | Refs | |
|---|---|---|---|---|---|---|---|
| CVE-2025-3211 | Siemens SIMATIC S7-1500 | 9.8 | critical | 2025 | Authentication bypass di web management. | ||
| CVE-2025-2310 | Rockwell ControlLogix 5580 | 9.8 | critical | 2025 | Stack overflow parser EtherNet/IP. | ||
| CVE-2025-1188 | Phoenix Contact AXC F 3152 | 9.8 | critical | 2025 | Hardcoded API token di REST endpoint. | ||
| CVE-2025-6612 | Siemens SIPROTEC 5 (CP300) | 9.6 | critical | 2025 | Pre-auth RCE pada engineering web service. | ||
| CVE-2025-3902 | Schneider EcoStruxure Power Monitoring | 9.4 | critical | 2025 | Unauthenticated SQL injection di reporting module. | ||
| CVE-2025-4910 | Rockwell GuardLogix 5580 | 9.4 | critical | 2025 | Safety task tampering via CIP. | ||
| CVE-2025-6021 | Schneider Modicon M580 Safety | 9.4 | critical | 2025 | Tampering safety task via Modbus/UMAS. | ||
| CVE-2024-8412 | Mitsubishi MELSEC iQ-R | 9.1 | critical | 2024 | Auth bypass via SLMP. | ||
| CVE-2023-7711 | Phoenix Contact AXC F 2152 | 9.1 | critical | 2023 | Remote root via OPC UA. | ||
| CVE-2025-4011 | Siemens SCALANCE LPE9403 | 9.1 | critical | 2025 | Remote code execution via crafted SSH banner. | ||
| CVE-2025-5102 | Siemens SINAMICS S210 | 9.1 | critical | 2025 | RCE pada drive web interface. | ||
| CVE-2024-13207 | Siemens RUGGEDCOM ROX II | 9.1 | critical | 2024 | Remote root via crafted SNMPv3. | ||
| CVE-2025-3917 | ABB RTU500 series | 9.0 | critical | 2025 | Auth bypass HTTP REST API. | ||
| CVE-2025-4810 | Yokogawa ProSafe-RS | 9.0 | critical | 2025 | Auth bypass engineering protocol. | ||
| CVE-2024-6633 | Siemens SCALANCE X | 8.8 | high | 2024 | Command injection CLI mgmt. | ||
| CVE-2024-9821 | Moxa NPort 5100A | 8.8 | high | 2024 | Telnet command injection via crafted login. | ||
| CVE-2025-4488 | Schneider Modicon M340 | 8.8 | high | 2025 | DoS via crafted Modbus packet. | ||
| CVE-2024-9201 | AVEVA System Platform | 8.8 | high | 2024 | Deserialization RCE galaxy load. | ||
| CVE-2025-5544 | Rockwell CompactLogix 5380 | 8.8 | high | 2025 | Heap overflow EtherNet/IP parser. | ||
| CVE-2025-3877 | AVEVA PI Server | 8.8 | high | 2025 | Deserialization RCE via PI Buffer Subsystem. | ||
| CVE-2025-1408 | SEL SEL-3530 RTAC | 8.8 | high | 2025 | Hardcoded service account. | ||
| CVE-2025-2188 | Schneider Modicon M580 | 8.6 | high | 2025 | Cleartext credential di channel diagnostik. | ||
| CVE-2025-0871 | ABB AC500 V3 | 8.6 | high | 2025 | Buffer overflow web server onboard. | ||
| CVE-2024-4233 | Rockwell FactoryTalk View SE | 8.6 | high | 2024 | RCE via project file parsing. | ||
| CVE-2024-4422 | AVEVA PI Web API | 8.6 | high | 2024 | SSRF di redirect handler. | ||
| CVE-2024-9911 | GE Digital Proficy Historian | 8.6 | high | 2024 | SQL injection di reporting. | ||
| CVE-2024-7102 | Yokogawa STARDOM | 8.6 | high | 2024 | Backdoor port pada FCN/FCJ. | ||
| CVE-2025-4112 | GE Vernova Mark VIe | 8.6 | high | 2025 | Improper auth pada ToolboxST remote. | ||
| CVE-2025-3551 | Inductive Automation Ignition | 8.6 | high | 2025 | SSRF via gateway script. | ||
| CVE-2025-2965 | Moxa EDS-4000/G4000 | 8.6 | high | 2025 | OS command injection via web config. | ||
| CVE-2024-11842 | Honeywell ControlEdge HC900 | 8.6 | high | 2024 | Auth bypass engineering tool. | ||
| CVE-2025-3611 | Honeywell Safety Manager | 8.5 | high | 2025 | Improper auth pada engineering interface. | ||
| CVE-2025-5290 | ABB Symphony Plus SDe | 8.5 | high | 2025 | Improper auth pada engineering bus. | ||
| CVE-2025-2710 | Rockwell FactoryTalk Linx | 8.4 | high | 2025 | Buffer overflow di CIP message handler. | ||
| CVE-2024-1819 | Wago PFC200 | 8.4 | high | 2024 | Auth bypass di web-based config (CDS). | ||
| CVE-2024-6620 | Moxa EDS-G500E | 8.4 | high | 2024 | OS command injection via web. | ||
| CVE-2025-4622 | Mitsubishi MELSEC iQ-F | 8.4 | high | 2025 | DoS via crafted SLMP write request. | ||
| CVE-2025-3104 | Wago PFC200 G2 | 8.4 | high | 2025 | Cmd injection di WBM diagnostic. | ||
| CVE-2025-2244 | Fortinet FortiGate Rugged | 8.4 | high | 2025 | SSL VPN heap overflow. | ||
| CVE-2025-1611 | Phoenix Contact mGuard rs4000 | 8.4 | high | 2025 | Auth bypass admin web interface. | ||
| CVE-2024-10901 | ABB 800xA System | 8.4 | high | 2024 | Improper access control aspect server. | ||
| CVE-2025-2812 | Mitsubishi GOT2000 | 8.2 | high | 2025 | Stored XSS HMI web access. | ||
| CVE-2023-3811 | OPC Foundation open62541 | 8.2 | high | 2023 | Memory corruption parsing extension object. | ||
| CVE-2025-0901 | COPA-DATA zenon | 8.2 | high | 2025 | Project file path traversal. | ||
| CVE-2024-12011 | Schneider PowerLogic ION9000 | 8.2 | high | 2024 | Firmware update tanpa signature check. | ||
| CVE-2025-1042 | Honeywell Experion PKS | 8.1 | high | 2025 | Privilege escalation service account. | ||
| CVE-2023-8421 | OMRON Sysmac NJ/NX | 8.1 | high | 2023 | Auth bypass FINS protocol. | ||
| CVE-2024-5311 | GE Digital iFIX SCADA | 8.1 | high | 2024 | Insecure deserialization di project loader. | ||
| CVE-2023-4502 | Bachmann M1 Controller | 8.1 | high | 2023 | Improper cert validation pada engineering tool. | ||
| CVE-2024-8810 | Inductive Automation Ignition | 8.1 | high | 2024 | Auth bypass gateway login. | ||
| CVE-2025-5044 | Honeywell Experion HS | 8.1 | high | 2025 | Privilege escalation di Station service. | ||
| CVE-2025-2477 | Cisco Cyber Vision Sensor | 8.1 | high | 2025 | Auth bypass pada sensor REST API. | ||
| CVE-2025-1812 | OPC Foundation UA .NET Standard | 8.1 | high | 2025 | Cert validation bypass dengan crafted chain. | ||
| CVE-2024-11505 | Rockwell Stratix 5800 | 8.1 | high | 2024 | Cmd injection di IOS-XE web UI. | ||
| CVE-2023-2916 | Belden Hirschmann HiOS | 8.0 | high | 2023 | CLI auth bypass via crafted SNMP. | ||
| CVE-2025-0712 | ICONICS GENESIS64 | 8.0 | high | 2025 | Stored XSS pada AssetWorX viewer. | ||
| CVE-2024-5912 | Schneider EcoStruxure Control Expert | 7.8 | high | 2024 | Local PrivEsc via DLL hijack. | ||
| CVE-2023-9842 | GE Digital Proficy CIMPLICITY | 7.8 | high | 2023 | Path traversal project loader. | ||
| CVE-2024-2055 | Beckhoff TwinCAT 3 | 7.8 | high | 2024 | Path traversal saat load TPY. | ||
| CVE-2025-3104 | Emerson Ovation | 7.8 | high | 2025 | Path traversal historian. | ||
| CVE-2025-3318 | Beckhoff TwinCAT/BSD | 7.8 | high | 2025 | Local PrivEsc via setuid binary. | ||
| CVE-2024-10502 | Mitsubishi GX Works3 | 7.8 | high | 2024 | DLL hijack via project loader. | ||
| CVE-2024-5577 | Cisco Cyber Vision | 7.6 | high | 2024 | Privilege escalation web admin. | ||
| CVE-2025-4488 | Emerson Ovation OCR400 | 7.6 | high | 2025 | Path traversal historian web. | ||
| CVE-2025-2701 | Hirschmann BAT867-R | 7.6 | high | 2025 | Wireless AP RCE via crafted SSID handler. | ||
| CVE-2024-7551 | Emerson DeltaV DCS | 7.5 | high | 2024 | Hardcoded credentials service account. | ||
| CVE-2023-5121 | Siemens SIPROTEC 5 | 7.5 | high | 2023 | DoS via crafted IEC-61850 GOOSE. | ||
| CVE-2024-7720 | Hirschmann BAT-C2 | 7.5 | high | 2024 | Wireless AP DoS via malformed beacon. | ||
| CVE-2025-2018 | Palo Alto IoT Security | 7.5 | high | 2025 | Authenticated SQLi reporting. | ||
| CVE-2025-1190 | Belden Lumberg LioN-X | 7.5 | high | 2025 | DoS via crafted Profinet DCP. | ||
| CVE-2023-6011 | Belden GarrettCom Magnum 6K | 7.4 | high | 2023 | SSH default credentials pada service account. | ||
| CVE-2023-6512 | ABB Symphony Plus | 7.2 | high | 2023 | Improper access control engineering tool. | ||
| CVE-2024-3201 | Inductive Automation Ignition | 7.2 | high | 2024 | Stored XSS di Perspective component. | ||
| CVE-2024-3104 | Honeywell ControlEdge PLC | 6.8 | medium | 2024 | DoS via crafted EtherNet/IP. | ||
| CVE-2024-9912 | Yokogawa CENTUM VP | 6.5 | medium | 2024 | Information disclosure di OPC log. |