News, Vulnerabilities

ICS Advisory (ICSA-19-190-02) 

Rockwell Automation PanelView 5510 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: PanelView 5510 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED…

News, Vulnerabilities

ICS Advisory (ICSA-19-190-01) 

Emerson DeltaV Distributed Control System 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: DeltaV Distributed Control System (DCS) Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to DeltaV Smart…

News, Vulnerabilities

ICS Medical Advisory (ICSMA-19-190-01) 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to remotely modify GE Healthcare anesthesia device parameters. This results from the…

News, Vulnerabilities

Siemens Industrial Products with OPC UA (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINUMERIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-099-03 Siemens Industrial Products with OPC…

News, Vulnerabilities

Siemens CP1604 and CP1616 (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP1604 and CP1616 Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Cross-site Request Forgery 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-043-06…

News, Vulnerabilities

Breaking & Entering with Zipato SmartHubs 

Researcher Contact Information Name Contact Role Charles Dardaman @CharlesDardaman Reverse Engineered API INIT_6 @INIT_3 Discovered Root SSH Key Executive Summary During the 0DAYALLDAY Research Event three vulnerabilities were discovered in the ZipaMicro Z-Wave Controller Model #: ZM.ZWUS and the Zipabox Z-Wave Controller Model #: 2AAU7-ZBZWUS. Two vulnerabilities…

News, Vulnerabilities

Quest KACE Systems Management Appliance 

1. EXECUTIVE SUMMARY CVSS v3 2.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Quest Equipment: KACE Systems Management Appliance (SMA) Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an administrative user unintentional access to the underlying operating system…

News, Vulnerabilities

Schneider Electric Modicon Controllers 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

News, Vulnerabilities

ABB CP651 HMI 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP651 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system…