Stay connected

Trending News

News, Vulnerabilities

Siemens ROX II 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: ROX II Vulnerabilities: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens…

News, Vulnerabilities

Siemens SIMATIC S7-1200 CPU Family Version 4 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Version 4 Vulnerability: Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is tricked into accessing a malicious link. 3. TECHNICAL…

News, Vulnerabilities

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller Vulnerability: Denial of Service from improper input validation 2. RISK EVALUATION An attacker with network access to the PLC may be…

News, Vulnerabilities

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden Functionality, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of…

News, Vulnerabilities

Fuji Electric Energy Savings Estimator 

1. EXECUTIVE SUMMARY CVSS v3 7.3 Vendor: Fuji Electric Equipment: Fuji Electric Energy Savings Estimator Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with the same privileges…

News, Vulnerabilities

Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable locally/low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) Vulnerabilities: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-226-01 Siemens SIMATIC STEP 7…