Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-050-04 Rockwell Automation Allen-Bradley PowerMonitor 1000…
EZAutomation EZ PLC Editor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: EZAutomation Equipment: EZ PLC Editor Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of…
Project Zero
A very deep dive into iOS Exploit chains found in the wild Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems…
Philips HDI 4000 Ultrasound
1. EXECUTIVE SUMMARY CVSS v3 3.0 ATTENTION: Public exploits are available/exploitable from within the same local subnet Vendor: Philips Equipment: HDI 4000 Ultrasound Systems Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to exposure of ultrasound images (breaches of confidentiality) and compromised…
Change Healthcare McKesson and Horizon Cardiology
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Change Healthcare Equipment: Change Healthcare Cardiology, Horizon Cardiology, McKesson Cardiology Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a locally authenticated user to insert specially crafted files that could result…
Datalogic AV7000 Linear Barcode Scanner
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Datalogic Equipment: AV7000 Linear Barcode Scanner Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication through issues in the…
Delta Controls enteliBUS Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Controls Equipment: enteliBUS Controllers Vulnerability: Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker on the same network to gain complete control of the device’s operating system and allow…
Sierra Wireless AirLink ALEOS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data…
Zebra Industrial Printers
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: Zebra Equipment: Industrial Printers Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to a port on the printer, resulting in the retrieval…
Siemens SCALANCE Products
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a denial of service or could allow an authenticated local user with physical access to…