Stay connected

Trending News

News, Vulnerabilities

LCDS LAquis SCADA LQS File Parsing 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Out-of-bounds Read, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain confidential information or execute remote code….

Market, Vulnerabilities

Prima Systems FlexAir 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities: OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper…

News, Vulnerabilities

Wind River VxWorks 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River Equipment: VxWorks Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection…

News, Vulnerabilities

GE Aestiva and Aespire Anesthesia (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE Aestiva and Aespire Anesthesia published July 9, 2019, on the…

News, Vulnerabilities

NREL EnergyPlus 

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: National Renewable Energy Laboratory (NREL) Equipment: EnergyPlus Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1…

News, Vulnerabilities

Mitsubishi Electric FR Configurator2 

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities may enable arbitrary files to be…

Vulnerabilities

Johnson Controls exacqVision Server 

1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls Equipment: exacqVision Server Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their privileges. 3. TECHNICAL DETAILS 3.1…

News, Vulnerabilities

Siemens SIMATIC RF6XXR 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Siemens Equipment: SIMATIC RF6XXR Vulnerabilities: Improper Input Validation, Cryptographic Issues 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports…

News, Vulnerabilities

Siemens TIA Administrator (TIA Portal) 

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Administrator (TIA Portal) Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an execution of some commands without proper authentication. 3. TECHNICAL DETAILS 3.1…

News, Vulnerabilities

Siemens SIMATIC WinCC and PCS7 

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on the affected service or device. 3….