PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS and communicate using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. The protocol allows a remote user to read out the PLC type, firmware and build number on port TCP/1962, and also to read out the CPU state (Running or Stopped) and start or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series) or on port TCP/20547 (confirmed ILC 39x series).
121da6ea0c1ed5792460a8fc75979c956e19cb91d2f862453bd1833c0c4711f2
Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.
04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
ForgeRock Access Manager/OpenAM version 14.6.3 unauthenticated remote code execution exploit.
7ded60e2fee61f85ac83d872fdce902efaac80f0e0a44bbbf62f99b5b122d9e6
VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.
799c1c46954c9683e557c8e1a417d133206fb6622b8109abd3fd919820dc39a2
Oracle WebLogic Server version 14.1.1.0 authenticated remote code execution exploit.
5de2e01ef80f612e9e69dbbead3b803428556dfb968be312ac48a6f5baf5b1e3
VMware vCenter Server version 6.7 authentication bypass exploit.
61416120dc1c2ebd56567136a1cab0725f5a29c9d0e7f8c6365f8c2fda18ab2d
Pi-hole version 4.4.0 suffers from a remote code execution vulnerability.
c7a92f42c54992e326709bf0e3e1ed94ba5f65503d1d8babc2253d1fecbc3a84
vBulletin version 5.6.1 suffers from a remote SQL injection vulnerability.
e9bdd1a9c7ac4c698df1254cb099a495abfb2879f7affcf386aead86ed8ab655
Microsoft Exchange 2019 version 15.2.221.12 suffers from an authenticated remote code execution vulnerability.
2209d610405eecbd97899d9712efd45c455cffc7e713903504d884634ddf470f
eWON Flexy with firmware version 13.0 suffers from an authentication bypass vulnerability.
76bf027bea193d108094970bd462dd2ebb200858467fc02d58f0a91a682501e5
This proof of concept exploit allows any attacker to reboot any CX9020 PLC and add random (Web) users to its configuration.
e9c12da930af4ff1905dfad1e33339cdaf3ba7a5fbb4f3b0eb58ec445d1ad02b
This proof of concept exploit prints out the current status of the PLC continuously, every 0.1 seconds. After 3 seconds it reverts (start becomes stop, stop becomes cold start), and it stops after 5 seconds.
d7a36880de68cd531f525c06ef1c9527b8f6b3bd56c288af391f675d397be3aa