Cisco Application Policy Infrastructure Controller Vulnerabilities
Summary Multiple vulnerabilities in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated attacker to access sensitive information, execute arbitrary commands, cause a denial of service (DoS) condition, or perform cross-site scripting (XSS) attacks. To exploit these vulnerabilities, the attacker must have valid administrative…
Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following communication…
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Summary Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, an attacker must have valid ISE administrative credentials. These vulnerabilities can be exploited using any…
Siemens SIPROTEC 5 Devices
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF DEFAULT CREDENTIALS…
Siemens SIMATIC S7-1200 CPU Family
1. EXECUTIVE SUMMARY 2. RISK EVALUATION The affected devices do not correctly process certain special crafted packets sent to Port 80/tcp and Port 102/tcp, which could allow an attacker to cause a denial of service in the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens…
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: 3.2…
Western Telematic Inc NPS Series, DSM Series, CPM Series
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to files on the device’s filesystem. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Western Telematic Inc products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 External Control…
Schneider Electric Easergy Studio
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability may risk unauthorized access to the installation directory for Easergy Studio, which could allow an attacker with access to the file system to elevate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports…
Hitachi Energy RTU500 Series Product
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following RTU500 series products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPERLY IMPLEMENTED…
mySCADA myPRO Manager
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Special Elements used…
Stay connected