Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update G)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-099-06 Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update F)…
Siemens S7-300/400 PLC Vulnerabilities (Update E)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 and SIMATIC S7-400 Vulnerabilities: Information Exposure, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-16-348-05 SIEMENS S7-300/400 PLC Vulnerabilities (Update D) that…
BLUE TEAM VS RED TEAM: HOW TO RUN YOUR ENCRYPTED ELF BINARY IN MEMORY AND GO UNDETECTED
Imagine finding yourself in a “hostile” environment, one where you can’t run exploits, tools and applications without worrying about prying eyes spying on you, be they a legitimate system administrator, a colleague sharing an access with you or a software solution that scans the machine…
Emerson ValveLink
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: ValveLink Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ValveLink digital valve controller software are…
PHOENIX CONTACT Emalytics Controller ILC
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BI(L) Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or…
Omron PLC CJ Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: PLC CJ Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Moxa AWK-3131A Series Industrial AP/Bridge/Client
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level is needed to exploit/public exploits are available Vendor: Moxa Equipment: Moxa AWK-3131A Vulnerabilities: Improper Access Control, Use of Hard-coded Cryptographic Key, OS Command Injection, Use of Hard-coded Credentials, Classic Buffer Overflow, Out-of-bounds Read, Stack-based Buffer Overflow, Improper Access…
Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility Vulnerabilities: Cleartext Storage of Sensitive Information, Cleartext Transmission of Sensitive Information, Incorrectly Specified Destination in a Communication Channel 2. RISK EVALUATION Successful exploitation…
Moxa PT-7528 and PT-7828 Series Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: PT-7528 Series and PT-7828 Series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Weak Password Requirements, Information Exposure 2. RISK…
Moxa EDS-G516E and EDS-510E Series Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G516E series, and EDS-510E series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Classic Buffer Overflow, Cleartext Transmission of Sensitive Information,…
Stay connected