Stay connected

Trending News

Home

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA
ICS, News, Vulnerabilities

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-05 Siemens IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA…

Siemens SCALANCE & SIMATIC
ICS, News, Vulnerabilities

Siemens SCALANCE & SIMATIC (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update A) that was published August 11, 2020, to…

Siemens PROFINET Devices
ICS, News, Vulnerabilities

Siemens PROFINET Devices (Update H) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update G) that was published August 11, 2020, to…

Advantech iView
ICS, News, Vulnerabilities

Advantech iView 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: iView Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application. 3. TECHNICAL DETAILS 3.1…

Emerson OpenEnterprise
ICS, News, Vulnerabilities

Emerson OpenEnterprise 

1. EXECUTIVE SUMMARY CVSS v3 3,8 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems. 3….

Philips SureSigns VS4
ICS, News, Vulnerabilities

Philips SureSigns VS4 

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely Vendor: Philips Equipment: SureSigns VS4 Vulnerabilities: Improper Input Validation, Improper Access Control, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker access to administrative controls and system configurations, which could allow…

Treck TCP/IP Stack
ICS, News, Vulnerabilities

Treck TCP/IP Stack (Update G) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control CISA is aware of a public report, known as “Ripple20” that…

Abusing COM & DCOM objects
News, White Papers

Abusing COM & DCOM objects 

IntroductionNowadays organization’s security members became familiar with most of popular lateral movements techniques, which makes red teaming more difficult, therefor applying the latest techniques of initial access and lateral movements is a crucial for a successful attack, in this paper we will cover some aspects…