Honeywell equIP and Performance Series IP Cameras and Recorders
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: equIP series and Performance series IP cameras and recorders Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthenticated access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell reports the vulnerability…
Honeywell equIP and Performance Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: equIP series and Performance series IP cameras Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthenticated access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell…
Honeywell equIP Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: equIP series IP cameras Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in denial-of-service conditions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Honeywell reports the vulnerability affects the…
Advantech WISE-PaaS/RMM
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WISE-PaaS/RMM Vulnerabilities: Path Traversal, Missing Authorization, Improper Restriction of XML External Entity Reference, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system…
Malware Analysis Report (AR19-304A) MAR-10135536-8 – North Korean Trojan: HOPLIGHT
Summary Description This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, DHS, FBI, and DoD identified Trojan malware variants used…
PHOENIX CONTACT Automation Worx Software Suite
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of an application programming workstation. Automated systems programmed using one…
Moxa IKS, EDS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: IKS, EDS Vulnerabilities: Classic Buffer Overflow, Cross-site Request Forgery, Cross-site Scripting, Improper Access Controls, Improper Restriction of Excessive Authentication Attempts, Missing Encryption of Sensitive Data, Out-of-bounds Read, Unprotected Storage of Credentials, Predictable…
Honeywell IP-AK2
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: IP-AK2 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to download configuration files directly through a URL without authentication, exposing configuration and authorized…
Rittal Chiller SK 3232-Series
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rittal Equipment: Rittal Chiller SK 3232-Series Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could disrupt the primary operations of the affected component, shut down…
Philips IntelliSpace Perinatal
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: IntelliSpace Perinatal Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker unauthorized access to system resources, including access to execute software or to view/update…
Stay connected