An insufficiently protected credentials vulnerability exists that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.
An authentication bypass by spoofing vulnerability exists that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
M&M Software fdtCONTAINER component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
An insufficiently protected credentials vulnerability exists that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass password protection and be able to view and modify a project file.
An insufficiently protected credentials vulnerability exists that could cause a leak of SMTP credentials used for mailbox authentication when an attacker can access a project file.
Missing encryption of sensitive data vulnerability exists that could cause an information leak allowing disclosure of network and process information, credentials, or intellectual property when an attacker can access a project file.
An improper authentication issue exists and could allow an attacker to use a crafted webpage that can enable remote access to the system.
Visit the website for more information on the affected products, patches, and updates. https://us-cert.cisa.gov/ics/advisories