Industrial Control System

A vulnerability in ABB's IEC 61850 communication stack allows a remote attacker with access to the IEC 61850 network to cause a denial-of-service condition by sending a specially crafted packet, leading to device faults or communication driver crashes.

A path traversal vulnerability in ABB PCM600 versions 1.5 to 2.13 (CVE-2018-1002208) allows a local attacker with low privileges to execute arbitrary code by sending a specially crafted message to the system node.

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

CVE-2026-33892 allows an unauthenticated remote attacker to bypass authentication and impersonate a legitimate user in affected Industrial Edge Management Pro and Virtual versions by exploiting improper enforcement of user authentication on remote connections to devices, potentially enabling unauthorized access and control.

A low-privileged remote attacker can exploit CVE-2026-4436 by sending Modbus packets to manipulate register values controlling odorant injection in gas lines, potentially leading to hazardous conditions.

CVE-2025-13926 describes a vulnerability in Contemporary Controls BASC 20T that allows an attacker to sniff network traffic and forge packets to make arbitrary requests, potentially leading to unauthorized actions.

Team82 disclosed vulnerabilities in Schneider Electric Modicon Controllers M241, M251, and M262 PLC lines, which can allow an attacker to cause a denial-of-service condition and affect controller availability.