Stay connected

Trending News

Home

Siemens SICAM A8000 RTUs
ICS, News, Vulnerabilities

Siemens SICAM A8000 RTUs 

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of the web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SICAM A8000 RTUs…

SMB Enumeration & Exploitation & Hardening
News, White Papers

SMB Enumeration & Exploitation & Hardening 

IntroductionWhat is SMB?SMB (Server Message Block) is a network protocol for accessing files, printers and other deviceson the network. Server Message Block provides file sharing, network browsing, printing services,and interprocess communication over a network. Most usage of SMB involves computersrunning Microsoft Windows, where it was…

Siemens Opcenter Execution Core
ICS, News, Vulnerabilities

Siemens Opcenter Execution Core (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Opcenter Execution Core Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-196-07 Siemens Opcenter Execution Core that was published…

Siemens UMC Stack
ICS, News, Vulnerabilities

Siemens UMC Stack 

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-196-05 Siemens UMC Stack that…

Siemens SCALANCE & SIMATIC
Uncategorized

Siemens SCALANCE & SIMATIC (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC that was published April 14, 2020 on the ICS…

Cleanly Escaping the Chrome Sandbox
Exploit

Cleanly Escaping the Chrome Sandbox 

This post will explain how we discovered and exploited Issue 1062091, a use-after-free (UAF) in the browser process leading to a sandbox escape in Google Chrome as well as Chromium-based Edge. Background Our goal is to make this post accessible to those unfamiliar with Chrome exploitation,…