Software issues found by Dragos
Dragos Intel conducts hands-on research and testing for ICS/OT software, devices, and protocols to discover and address security vulnerabilities.
Limited Threat
CVE-2024-1480
Unauthenticated Password Retrieval
Vision 230, Vision 280, Vision 290, Vision 530, Vision 120: All versions
Limited Threat
CVE-2023-6815
Incorrect Privilege Assignment
MELSEC iQ-R Series Safety CPU (R08/16/32/120SFCPU): all versions, MELSEC iQ-R Series SIL2 Process CPU (R08/16/32/120PSFCPU): all versions.
Immediate Action
CVE-2023-46143
Integrity check fails to identify out-of-band logic changes
Automation Worx Software Suite: All versions, AXC 1050 (2700988): All versions, AXC 1050 XC (2701295): All versions, AXC 3050 (2700989): All versions, Config+: All versions, FC 350 PCI ETH (2730844): All versions, ILC1x0: All versions, ILC1x1: All versions, ILC 3xx: All versions, PC Worx: All versions, PC Worx Express: All versions, PC WORX RT BASIC (2700291): All versions, PC WORX SRT (2701680): All versions, RFC 430 ETH-IB (2730190): All versions, RFC 450 ETH-IB (2730200): All versions, RFC 460R PN 3TX (2700784): All versions, RFC 470S PN 3TX (2916794): All versions, RFC 480S PN 4TX (2404577): All versions
Limited Threat
CVE-2023-46142
Incorrect Permission Assignment for Critical Resource
AXC F 1152 (1151412): v2024.0 and prior, AXC F 2152 (2404267): v2024.0 and prior, AXC F 3152 (1069208): v2024.0 and prior, BPC 9102S (1246285): v2024.0 and prior, EPC 1502 (1185416): v2024.0 and prior, EPC 1522 (1185423): v2024.0 and prior, PLCnext Engineer (1046008): v2024.0 and prior, RFC 4072R (1136419): v2024.0 and prior, RFC 4072S (1051328): v2024.0 and prior.
Limited Threat
CVE-2023-46141
Incorrect Permission Assignment for Critical Resource
Automation Worx Software Suite: All versions, AXC 1050 (2700988): All versions, AXC 1050 XC (2701295): All versions, AXC 3050 (2700989): All versions, Config+: All versions, FC 350 PCI ETH (2730844): All versions, ILC1x0: All versions, ILC1x1: All versions, ILC 3xx: All versions, PC Worx: All versions, PC Worx Express: All versions, PC WORX RT BASIC (2700291): All versions, PC WORX SRT (2701680): All versions, RFC 430 ETH-IB (2730190): All versions, RFC 450 ETH-IB (2730200): All versions, RFC 460R PN 3TX (2700784): All versions, RFC 470S PN 3TX (2916794): All versions, RFC 480S PN 4TX (2404577): All versions
Limited Threat
CVE-2023-0757
CVE-2023-5592
Incorrect Permission Assignment for Critical Resource
Integrity check fails to identify out-of-band logic changes
MULTIPROG: All versions, ProConOS eCLR (SDK): All versions
Possible Threat
CVE-2023-38557
Local Privilege Escalation
Spectrum Power 7 version V23Q3 and earlier.
Limited Threat
CVE-2023-31167
CVE-2023-34391
Directory Traversal
Insecure Filesystem Permissions
SEL-5033 version 1.35.151.20000 and earlier, SEL-5036 version 1.0.49152.777 and earlier
Limited Threat
CVE-2023-40706
CVE-2023-40708
CVE-2023-40709
CVE-2023-40710
Improper Restriction of Excessive Authentication Attempts
Improper Authorization
Denial of Service (DoS)
Denial of Service (DoS)
OPTO 22 SNAP PAC S1: Firmware version R10.3b
Limited Threat
CVE-2021-41544
CVE-2022-25634
Uncontrolled Search Path Element
Uncontrolled Search Path Element
Siemens Software Center versions prior to v3.0.
Possible Threat
CVE-2023-29444
CVE-2023-29445
CVE-2023-29446
CVE-2023-29447
DLL Hijacking
DLL Hijacking
UNC Path Injection
Insufficiently Protected Credentials
PTC’s KEPServerEx, v6.13.250.0 and prior
Limited Threat
CVE-2022-45790
CVE-2019-18269
CVE-2022-45792
CVE-2022-45793
CVE-2022-45794
CVE-2022-34151
CVE-2022-33971
CVE-2023-0811
Memory protection is vulnerable to brute force.
Memory protection may be set to non-ASCII characters
File formats vulnerable to Zip-Slip
Binaries are writable by low-privileged users
File transfer lacks authentication
Backdoor account with administrative privileges
Arbitrary code execution to an authenticated attacker
Unauthenticated user to set arbitrary passwords
Omron PLC CJ series: All versions, Omron PLC CS series: All versions, Omron PLC CP series: All versions, Omron PLC NX series: All versions, Omron Safety Controllers (SL3300): All versions
Limited Threat
CVE-2022-4046
CVE-2022-4224
CVE-2023-29446
Insufficient Read and Write Protection to Logic and Runtime Data
Access to Sensitive System Files
CODESYS Control for BeagleBone SL: All Versions, CODESYS Control for emPC-A/iMX6 SL: All Versions, CODESYS Control for IOT2000 SL: All Versions, CODESYS Control for Linux SL: All Versions, CODESYS Control for PFC100 SL: All Versions, CODESYS Control for PFC200 SL: All Versions, CODESYS Control for PLCnext SL: All Versions, CODESYS Control for Raspberry Pi SL: All Versions, CODESYS Control for WAGO Touch Panels 600 SL: All Versions, CODESYS Control RTE (for Beckhoff CX) SL: All Versions, CODESYS Control RTE (SL): All Versions, CODESYS Control Runtime System Toolkit: All Versions, CODESYS Control Win (SL): All Versions, CODESYS HMI (SL): All Versions, CODESYS Control RTE (SL): Prior to v3.5.19.0, CODESYS Control RTE (for Beckhoff CX) SL: Prior to v3.5.19.0, CODESYS Control Win (SL): Prior to v3.5.19.0, CODESYS Runtime Toolkit: Prior to v3.5.19.0, CODESYS Safety SIL2 Runtime Toolkit: Prior to v3.5.19.0, CODESYS Safety SIL2 PSP: Prior to v3.5.19.0, CODESYS HMI (SL): Prior to v3.5.19.0, CODESYS Development System V3: Prior to v3.5.19.0, CODESYS Control for BeagleBone SL: Prior to V4.8.0.0, CODESYS Control for emPC-A/iMX6 SL: Prior to V4.8.0.0, CODESYS Control for IOT2000 SL: Prior to V4.8.0.0, CODESYS Control for Linux SL: Prior to V4.8.0.0, CODESYS Control for PFC100 SL: Prior to V4.8.0.0, CODESYS Control for PFC200 SL: Prior to V4.8.0.0, CODESYS Control for PLCnext SL: Prior to V4.8.0.0, CODESYS Control for Raspberry Pi SL: Prior to V4.8.0.0, CODESYS Control for WAGO Touch Panels 600 SL: Prior to V4.8.0.0
Limited Threat
CVE-2023-28355
Integrity check fails to identify out-of-band logic changes
CODESYS Control V3 (All Versions)
Limited Threat
CVE-2022-43993
CVE-2022-43994
PITM and Traffic Intercept
No Client Authentication
NPort 6000 Series: v2.2 and prior, Windows Driver Manager Series (Windows 7 to 10 and Windows Server 2008 R2 to 2019, WHQL certified): v3.4 and prior, Windows Driver Manager Series (Windows 11 and Server 2022 and later, WHQL certified): v4.0 and prior
Report Security Issues to Dragos
Report Vulnerabilities in the Dragos Platform, Hardware, Services, and Threat Intelligence solutions