Stay connected

Trending News

Critical vulnerabiliities, ICS, Industrial IoT (IIoT), Market, News, Recommendations

Siemens SIMATIC Industrial Products 

1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity  Vendor: Siemens  Equipment: SIMATIC industrial products  Vulnerability: Time-of-check Time-of-use (TOCTOU) Race Condition  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user to potentially enable escalation of privilege via local access.  3. TECHNICAL DETAILS 3.1 AFFECTED…

Critical vulnerabiliities, Cyber Security, ICS, News

Siemens SCALANCE X200 IRT 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: SCALANCE X200 IRT Products  Vulnerability: Improper Input Validation  2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…

ICS, Industrial IoT (IIoT), IoT Security, News

Johnson Controls System Configuration Tool (SCT) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely  Vendor: Johnson Controls  Equipment:  System Configuration Tool  Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access cookies and take over the…

ICS, Market, News

Delta Electronics CNCSoft ScreenEditor 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity  Vendor: Delta Electronics  Equipment: CNCSoft   Vulnerability: Stack-based Buffer Overflow  2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition, which could allow remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

ICS, News, Recommendations

CISA Releases Eight Industrial Control Systems Advisories 

CISA released eight Industrial Control Systems (ICS) advisories on January 26, 2023.These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-026-01 Delta Electronics CNCSoft…

ICS, Market, News, Recommendations

Hitachi Energy MicroSCADA Pro/X SYS600 Products 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity   Vendor: Hitachi Energy  Equipment: MicroSCADA X SYS600, MicroSCADA Pro  Vulnerability: Improper Input Validation  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to execute administrator level scripts.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

Critical vulnerabiliities, Cyber Security, Industrial IoT (IIoT), Market, News, Reports, Security Patches...

Fortinet Releases Security Updates for FortiOS 

Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. FortiOS – heap-based buffer overflow in sslvpnd Summary A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may…