Author: Maja Djordjevic

Systech NDS-5000 Terminal Server
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Systech Corporation Equipment: NDS-5000 Terminal Server Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED…

ABB eSOMS
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerabilities: Use of Web Browser Cache Containing Sensitive Information, Improper Restriction of Rendered UI Layers or Frames, Improper Neutralization of HTTP Headers for Scripting Syntax, Sensitive Cookie Without ‘HttpOnly’ Flag, Protection Mechanism…

Delta Electronics Industrial Automation CNCSoft ScreenEditor
ICS, News, Uncategorized, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation CNCSoft ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or…

ABB Asset Suite
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Asset Suite Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to unauthorized information in the application by direct resource access. 3. TECHNICAL…

Siemens SiNVR 3
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SiNVR 3 Vulnerabilities: Path Traversal, Cleartext Storage in a File or on Disk, SQL Injection, Cross-site Scripting, Insufficient Logging, Improper Input Validation, Weak Cryptography for Passwords 2. RISK EVALUATION Successful exploitation of these…

SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the affected device to go into defect mode resulting in a…

Siemens Spectrum Power 5
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power 5 Vulnerability: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 2. RISK EVALUATION Successful exploitation of this vulnerability could affect the confidentiality or integrity of the data…

Johnson Controls Kantech EntraPass
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution with system-level privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

Johnson Controls Metasys
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a denial-of-service attack or disclosure of sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED…