Stay connected

Trending News

News, Vulnerabilities

Interpeak IPnet TCP/IP Stack (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer…

News, Vulnerabilities

Siemens Industrial Products (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-253-03 Siemens Industrial Products (Update B) that was published…

Exploit, News, Vulnerabilities

Vulnerability – Siemens SINAMICS 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS Image alt attributes: Images on this page do not have alt attributes that reflect the topic of your text. Add your keyphrase or synonyms to the alt tags of relevant images! Keyphrase…

News, Vulnerabilities

Siemens SIMATIC CP 343-1CP 443-1 Modules and SIMATIC S7-300S7-400 CPUs (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely; low skill level is needed to exploit. Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Insufficient Verification of Data Authenticity, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-16-327-02…

News, Vulnerabilities

Dridex Malware 

Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the…

News, Vulnerabilities

Weidmueller Industrial Ethernet Switches 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Weidmueller Equipment: Industrial Ethernet Switches Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Unprotected Storage of Credentials, and Predictable from Observable State 2. RISK EVALUATION Successful exploitation of…

News, Vulnerabilities

Moxa AWK-3121 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Moxa Equipment: AWK-3121 Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Access Control, Sensitive Cookie without ‘HTTPONLY’ Flag, Improper Restriction of Operations within the Bounds of a Memory Buffer, CSRF, Command Injection, Cross-site Scripting…

(I)IoT Security News
News, Vulnerabilities

Reliable Controls LicenseManager 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Reliable Controls Equipment: LicenseManager Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive data, or execute arbitrary commands. 3. TECHNICAL DETAILS…