The OSCAT Basic library is one of several libraries developed and provided by OSCAT. OSCAT (oscat.de) stands for "Open Source Community for Automation Technology".
The OSCAT Basic library offers function blocks for various tasks, e.g. for buffer management, list processing, control technology, mathematics, string processing, time and date conversion. By adding the OSCAT Basic library into IEC 61131-3-compliant programming tools, PLC programmers can use all the functions provided by the library in their control programs.
Within the library, the MONTH_TO_STRING function is affected by an out-of-bounds read vulnerability. Exploitation of the vulnerability may lead to limited access to internal data or possibly to a crash of the PLC.
Echo Curve Viewer is an utility used for offline visualization of previously recorded envelope curve data. Envelope curve records are exported from other Endress+Hauser software products like FieldCare as .curves files.
Echo Curve Viewer opens .curves files and displays their contents. The .curves files contain device- specific C# calculation scripts as .cs files, that are needed for the interpretation of certain curve record types.
Echo Curve Viewer loads .curves files and executes the contained C# code.
Confidential data in HTTP query string of user requests. Incomplete sanitation of user input in administrative web interface.
CVE-2024-43392 only affects devices with firmware < 8.9.3.
mGuards use an OpenSSH server for SSH access. This server is vulnerable to a remote code injection.
The pathfinder TCP encapsulation service is vulnerable to a drain of open file descriptors.
Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks
The following tools:
create a directory with insufficient permissions, allowing a low-level user the ability to add and modify certain files that hold SYSTEM privileges, which could lead to privilege escalation.
By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then lets the process “MDPWebServer” consume a maximum of CPU cycles and Random Access Memory (RAM).