Stay connected

Trending News

03 Dec 2021

Home

Delta Electronics DOPSoft
ICS, News, Vulnerabilities

Delta Electronics DOPSoft (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerabilities: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-182-03 Delta Electronics DOPSoft that was published July 1, 2021, on the ICS webpage on us-cert.cisa.gov. 3….

Mitsubishi Electric GOT
ICS, News, Vulnerabilities

Mitsubishi Electric GOT (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-112-02 Mitsubishi Electric GOT that was published April 22, 2021, on the ICS webpage on us-cert.cisa.gov. 3. RISK EVALUATION…

Mitsubishi Electric Factory Automation Engineering Products
ICS, News, Vulnerabilities

Mitsubishi Electric Factory Automation Engineering Products (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update C) that…

Mitsubishi Electric MELSEC-F Series
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC-F Series 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in communication with the product. System reset may be required for recovery. 3. TECHNICAL DETAILS…

Ypsomed mylife
ICS, News, Vulnerabilities

Ypsomed mylife 

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ypsomed Equipment: mylife Cloud, mylife Mobile Application Vulnerabilities: Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain…

Schneider Electric C-Bus Toolkit
ICS, News, Vulnerabilities

Schneider Electric C-Bus Toolkit 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enable remote access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

Siemens RWG Universal Controllers
ICS, News, Vulnerabilities

Siemens RWG Universal Controllers 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: RWG Universal Controllers Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1…

Siemens Linux-based Products
ICS, News, Vulnerabilities

Siemens Linux-based Products (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update B) that was published July 13, 2021, to the…

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module
ICS, News, Vulnerabilities

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module Vulnerabilities: Missing Authentication for Critical Function, Inadequate Encryption Strength 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…