IDenticard PremiSys (Update A)
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Kunbus PR100088 Modbus Gateway (Update B)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kunbus Equipment: PR100088 Modbus gateway Vulnerabilities: Improper Authentication, Information Exposure Through Query Strings in GET Request, Missing Authentication for Critical Function, Improper Input Validation, Cleartext Storage of Sensitive Information 2. UPDATE INFORMATION This updated advisory…
PSI GridConnect Telecontrol
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PSI GridConnect GmbH (formerly known as PSI Nentec GmbH) Equipment: Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker…
Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild
Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other…
Moxa IKS, EDS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: IKS, EDS Vulnerabilities: Classic Buffer Overflow, Cross-site Request Forgery, Cross-site Scripting, Improper Access Controls, Improper Restriction of Excessive Authentication Attempts, Missing Encryption of Sensitive Data, Out-of-bounds Read, Unprotected Storage of Credentials, Predictable…
CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER)
The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, is affected by a privilege escalation issue tracked as CVE-2019-9019. Experts discovered a critical vulnerability in the British Airways Entertainment System. The flaw is a privilege escalation issue that resides in…
Wind River VxWorks SSH and Web Server and General Electric D20MX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River, General Electric Equipment: VxWorks, D20MX ——— Begin Update A Part 1 of 4 ——— Vulnerabilities: Improper Input Validation ——— End Update A Part 1 of 4 ——— 2. UPDATE INFORMATION This updated advisory is a follow-up…
CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution
Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution….
Rockwell Automation Allen-Bradley PowerMonitor 1000
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to affect the confidentiality, integrity, and availability…
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read confidential information and remotely execute arbitrary code….
Stay connected