Honeywell WIN-PAK
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: WIN-PAK Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1…
B&R Industrial Automation Studio and Automation Runtime
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: Automation Studio and Automation Runtime Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices. 3. TECHNICAL…
Rockwell Automation FactoryTalk Diagnostics
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. 3. TECHNICAL DETAILS…
Rockwell Automation FactoryTalk Diagnostics
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. 3. TECHNICAL DETAILS…
Spacelabs Xhibit Telemetry Receiver (XTR)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits known Vendor: Spacelabs Equipment: Xhibit Telemetry Receiver Vulnerability: Improper Input Validation 2. RISK EVALUATION A remote code execution vulnerability called BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by…
GE Ultrasound products
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local breakouts, which…
Honeywell INNCOM INNControl 3
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Honeywell Equipment: INNCOM INNControl 3 Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
Emerson OpenEnterprise
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Emerson Equipment: OpenEnterprise SCADA Server Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code on an OpenEnterprise SCADA Server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…
Unexplored Warfare of 21 Century
1. Introduction In the 21st century, it is almost impossible to even imagine life without technology. Everything from mobile phones to cars everything has embedded systems and computers installed in it which allows the devices to function smartly and fast. These computers are often misunderstood…
Interpeak IPnet TCP/IP Stack (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer…
Stay connected