Emerson WirelessHART Gateway
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Emerson
Equipment: Emerson WirelessHART Gateways (1410, 1420 and 1552WU)
Vulnerability: Improper Access Control

2. RISK EVALUATION
Successful exploitation of this vulnerability could disable the internal gateway firewall. Once the gateway’s firewall is disabled, a malicious…

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager
ICS, News, Vulnerabilities

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager (Update A) 

1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Low skill level to exploit
Vendor: 3S-Smart Software Solutions GmbH
Equipment: CODESYS V3 Library Manager
Vulnerability: Cross-site Scripting

2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-255-02 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager that…

Siemens SINAMICS
ICS, News, Vulnerabilities

Siemens SINAMICS (Update C) 

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SINAMICS
Vulnerability: Uncontrolled Resource Consumption

2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update ICSA-19-227-04 Siemens SINAMICS (Update B) that was published December 10, 2019, to the ICS webpage…

Advantech WebAccess Node
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess Node
Vulnerabilities: Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read

2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow information disclosure,…

Fazecast jSerialComm
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Fazecast
Equipment: jSerialComm
Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The…

SAE IT-systems FW-50 Remote Telemetry Unit (RTU)
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: SAE IT-systems
Equipment: FW-50 Remote Telemetry Unit (RTU)
Vulnerabilities: Cross-site Scripting, Path Traversal

2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a…

LCDS LAquis SCADA
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Low skill level to exploit
Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could…

Sierra Wireless AirLink ALEOS
ICS, News, Vulnerabilities

Sierra Wireless AirLink ALEOS (Update B) 

1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendor: Sierra Wireless
Equipment: AirLink ALEOS
Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data…

Inductive Automation Ignition
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Inductive Automation
Equipment: Ignition 8 Gateway
Vulnerability: Improper Access Control

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a…