NASA hacked because of unauthorized Raspberry Pi connected to its network
NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups. A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of…
PHOENIX CONTACT Automation Worx Software Suite
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Access of Uninitialized Pointer, Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker, with access to an original PC…
A Debugging Primer With CVE-2019-0708
The purpose of this post is to share how one would use a debugger to identify the relevant code path that can trigger the crash. I hope this post will be educational to people that are excited to learning how to use debugger for vulnerability…
Microsoft Operating Systems BlueKeep Vulnerability
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:…
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505 Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of these…
Johnson Controls exacqVision Enterprise System Manager
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: (BD) Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of these vulnerabilities could allow unauthorized arbitrary code execution, which could…
BD Alaris Gateway Workstation
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: (BD) Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of these vulnerabilities could allow unauthorized arbitrary code execution, which could…
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment (OSI Layer 2) Vendor: Siemens ——— Begin Update B Part 1 of 3 ——— Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C ——— End Update B Part 1 of 3 ———…
Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-099-06 Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM…
Siemens LOGO!8 Devices
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO!8 devices Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read the communication between…
Stay connected