Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Summary Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, an attacker must have valid ISE administrative credentials. These vulnerabilities can be exploited using any…
Siemens SIPROTEC 5 Devices
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF DEFAULT CREDENTIALS…
Siemens SIMATIC S7-1200 CPU Family
1. EXECUTIVE SUMMARY 2. RISK EVALUATION The affected devices do not correctly process certain special crafted packets sent to Port 80/tcp and Port 102/tcp, which could allow an attacker to cause a denial of service in the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens…
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: 3.2…
Western Telematic Inc NPS Series, DSM Series, CPM Series
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to files on the device’s filesystem. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Western Telematic Inc products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 External Control…
Schneider Electric Easergy Studio
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability may risk unauthorized access to the installation directory for Easergy Studio, which could allow an attacker with access to the file system to elevate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports…
Hitachi Energy RTU500 Series Product
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following RTU500 series products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPERLY IMPLEMENTED…
mySCADA myPRO Manager
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used…
ZF Roll Stability Support Plus (RSSPlus)
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could impact both the availability and integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of RSSPlus are…
Siemens SIMATIC S7-1200 CPUs
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link. 3. TECHNICAL DETAILS 3.1…
Stay connected