OSIsoft PI SQL Client
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: OSIsoft LLC Equipment: OSIsoft PI SQL Client Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution or cause a denial of service, resulting in disclosure, deletion, or modification of information….
Siemens SIMATIC WinCC and PCS7 (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7…
Siemens SIMATIC PCS7, WinCC, TIA Portal (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-134-08 Siemens SIMATIC…
BD Pyxis
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Session Fixation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the Active Directory (AD) credentials of a previously authenticated user to gain access to the…
EZAutomation EZ Touch Editor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: EZAutomation Equipment: EZ Touch Editor Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
NetCAT attack allows hackers to steal sensitive data from Intel CPUs
Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows to sniff sensitive data over the network. Researchers from VUSec group at Vrije Universiteit Amsterdam have discovered a new vulnerability that can be exploited by a remote attacker to sniff sensitive details by…
Red Lion Controls Crimson
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Controls Equipment: Crimson (Windows configuration software) Vulnerabilities: Use After Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Pointer Issues, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of…
Rockwell Automation Arena Simulation Software (Update A)
. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: Arena Simulation Software ——— Begin Update A Part 1 of 3 ——— Vulnerabilities: Use After Free, Information Exposure, Type Confusion, Insufficient UI Warning of Dangerous Operations ——— End Update…
Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-050-04 Rockwell Automation Allen-Bradley PowerMonitor 1000…
EZAutomation EZ PLC Editor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: EZAutomation Equipment: EZ PLC Editor Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of…
Stay connected