The 750-8xx controller are susceptible to a Denial-of-Service attack due to a flood of network packets.

Please consult the original paper for details (link at the bottom of this advisory).

Update 16.01.2025: new CVE

The processing program of the IEC 61131 program can be slowed down or stopped completely by creating a large amount of network traffic that needs to be handled by the ILC.

An unauthenticated user can exploit a vulnerability (CVE-2018-12981) to inject code in the WBM via reflected cross-site scripting (XSS), if he is able trick a user to open a special crafted web site. This could allow an attacker to execute code in the context of the user and execute arbitrary commands with restriction to the permissions of the user. Authenticated users can use a vulnerability to inject code in the WBM via persistent cross-site scripting (XSS) via special crafted requests which will be rendered and/or executed in the browser. Authenticated WBM users can transfer arbitrary files to different file system locations (CVE- 2018-12980) to which the web server has the required permissions and partially allowing replacing existing files due weak file permissions (CVE-2018-12979) which can result in an authentication bypass.

Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack vectors against these vulnerabilities have been published and dubbed Meltdown and Spectre. While programs are typically not permitted to read data from the OS kernel or from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in kernel memory or the memory of other programs executed on the same CPU. As a consequence, an exploit could allow attackers to get access to any sensitive data, including passwords or cryptographic keys.

A remote code execution vulnerability in the Microsoft's Credential Security Support Provider protocol (CredSSP) was identified by security researchers. If exploited successfully, it is possible to relay user credentials for arbitrary code execution on the target system.

See details on Microsoft Advisory CVE-2018-0866 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886)

An attacker may exploit a “long cookie” related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable code into the OS.

An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and execute arbitrary code.

Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Clever manipulation of a web login request can expose the contents of this file through to the web browser. A successful web interface login attempt is not required to read the configuration file contents.