Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the…
Siemens Industrial Products (Update H)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update G) published September 11,…
Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC, SINUMERIK, and PROFINET IO Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-079-02 Siemens SIMATIC, SINUMERIK, and PROFINET IO that was published March…
New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery…
Carestream Vue RIS
1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Carestream Equipment: Carestream Vue RIS Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION An attacker with access to the network of the affected system can passively read traffic. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Change Healthcare PeerVue Web Server
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable on an adjacent network/low skill level to exploit Vendor: Change Healthcare Equipment: PeerVue Web Server Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the PeerVue…
CVE-2018-4251 – Apple did not disable Intel Manufacturing Mode in its laptops
Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple did not disable Intel Manufacturing Mode in its laptops Experts from security firm Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple forgot did not lock it in laptops. The Intel Management Engine consists of a…
Chinese Spying Chips Found Hidden On Servers Used By US Companies
A media report today revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state. According to a lengthy report published today by Bloomberg, a tiny surveillance chip, not much bigger than a…
WECON PI Studio
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WECON Technology Co., Ltd. (WECON) Equipment: PI Studio Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Write, Information Exposure Through XML External Entity Reference, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code…
Delta Electronics ISPSoft
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Delta Electronics Equipment: ISPSoft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the context of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
Stay connected