Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl.
related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP- Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application's directory, which could lead to remote code execution.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system. 

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.

  - A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050     (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain     files. This could allow unauthenticated attackers to download these files. (CVE-2022-27480)

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from     the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to     R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. (CVE-2022-21194)

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP     versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00     to R3.79.00 (CVE-2022-23402)

This plugin disables scanning localhost for Tenable.OT scans. Only a limited number of plugins that do not require scan targets are allowed to be executed.

  This plugin only works with Tenable.ot.
  Please visit https://www.tenable.com/products/tenable-ot for more information.

Due to usernames/passwords being stored in plaintext in Random Access Memory (RAM), a local, authenticated attacker could gain access to certain credentials, including Windows Logon credentials.   This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user's operating system and certain components of FactoryTalk View SE.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured     XML files to access local or remote content. A successful exploit could potentially cause a denial-of-     service condition and allow the attacker to arbitrarily read any local file via system-level services.
    (CVE-2020-14478)

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe     with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions     from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from     R3.72.00 to R3.79.00. (CVE-2022-22148)

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates     some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM     VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc     versions from R3.72.00 to R3.79.00. (CVE-2022-22141)

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to     uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions     from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from     R3.72.00 to R3.79.00. (CVE-2022-22145)

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets.
The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the     receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions     from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and     from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. (CVE-2022-22729)

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from     R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from     R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. (CVE-2022-23401)

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs:
CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize     log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to     R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to     R3.79.00. (CVE-2022-22151)

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa     Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to     R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to     R3.79.00. (CVE-2022-21177)

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.   This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric     products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00,     from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
    (CVE-2022-21808)

Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior) This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

  - A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a     crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic     Controller (V5.1.0.6 and prior) (CVE-2021-22800)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver.
4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver.
2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.  

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)  

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure Control Expert, including all Unity Pro versions (former name of EcoStruxure Control Expert, all versions), PLC Simulator for EcoStruxure Process Expert including all HDCS versions (former name of EcoStruxure Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).  

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Severity
500648	Rockwell (CVE-2020-25182)	medium
500647	Schneider (CVE-2020-25180)	medium
500646	Rockwell (CVE-2020-25180)	medium
500645	Mitsubishi (CVE-2022-25158)	critical
500644	Mitsubishi (CVE-2022-25155)	high
500643	Mitsubishi (CVE-2022-25156)	high
500642	Mitsubishi (CVE-2022-25159)	high
500641	Siemens (CVE-2022-25622)	high
500640	Rockwell (CVE-2020-25178)	high
500639	Schneider (CVE-2020-25178)	high
500638	Schneider (CVE-2020-25176)	critical
500637	Rockwell (CVE-2020-25176)	critical
500636	Rockwell (CVE-2020-25184)	medium
500635	Schneider (CVE-2020-25184)	medium
500634	Mitsubishi (CVE-2022-25157)	critical
500633	Mitsubishi (CVE-2022-25160)	medium
500632	Siemens (CVE-2021-40368)	high
500631	Rockwell (CVE-2022-1159)	high
500630	Rockwell (CVE-2022-1161)	critical
500629	Siemens (CVE-2022-27480)	high
500628	Yokogawa (CVE-2022-21194)	critical
500627	Rockwell (CVE-2020-14504)	medium
500626	Rockwell (CVE-2020-14502)	medium
500625	Yokogawa (CVE-2022-23402)	critical
500624	Do not scan localhost for Tenable.OT scans.	info
500623	Rockwell (CVE-2020-14480)	medium
500622	Rockwell (CVE-2020-14481)	high
500621	Rockwell (CVE-2020-14478)	high
500620	Schneider (CVE-2022-22724)	high
500619	Mitsubishi (CVE-2020-14523)	critical
500618	Mitsubishi (CVE-2020-14521)	critical
500617	Siemens (CVE-2021-45106)	medium
500616	Siemens (CVE-2021-37205)	high
500615	Siemens (CVE-2021-37185)	high
500614	Siemens (CVE-2021-37204)	high
500613	Yokogawa (CVE-2022-22148)	high
500612	Yokogawa (CVE-2022-22141)	high
500611	Yokogawa (CVE-2022-22145)	high
500610	Yokogawa (CVE-2022-22729)	high
500609	Yokogawa (CVE-2022-23401)	high
500608	Yokogawa (CVE-2022-22151)	high
500607	Yokogawa (CVE-2022-21177)	high
500606	Yokogawa (CVE-2022-21808)	high
500605	Siemens (CVE-2016-8562)	medium
500604	Schneider (CVE-2021-22800)	high
500603	Schneider (CVE-2020-7537)	high
500602	Mitsubishi (CVE-2020-5602)	high
500601	Siemens (CVE-2021-31344)	medium
500600	Mitsubishi (CVE-2020-5531)	critical
500599	Schneider (CVE-2021-22790)	medium

Tenable.ot Family for Tenable.ot

medium

medium

medium

critical

high

high

high

high

high

high

critical

critical

medium

medium

critical

medium

high

high

critical

high

critical

medium

medium

critical

info

medium

high

high

high

critical

critical

medium

high

high

high

high

high

high

high

high

high

high

high

medium

high

high

high

medium

critical

medium