BD FACSLyric (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: FACSLyric Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated medical device advisory is a follow-up to the original advisory titled ICSMA-19-029-02 BD FACSLyric that was published January 29, 2019,…
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment (OSI Layer 2) Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Permissions, Privileges, and Access Controls 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory…
Omron CX-Supervisor
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-290-01 Omron CX-Supervisor that…
IDenticard PremiSys
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed Vendor: IDenticard Equipment: PremiSys Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to view sensitive…
Schneider Electric EVLink Parking
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to stop the device and prevent charging, execute arbitrary commands,…
AVEVA Wonderware System Platform
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Wonderware System Platform Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User Account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Mitsubishi Electric MELSEC-Q Series PLCs
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC-Q series PLCs Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to the device, causing Ethernet communication to stop….
Yokogawa License Manager Service
1. EXECUTIVE SUMMARY CVSS v8.1 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: License Manager Service Vulnerability: Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files, allowing execution of arbitrary code. 3. TECHNICAL…
BD FACSLyric
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: FACSLyric Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to administrative level privileges on a workstation, which could…
Stryker Medical Beds
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Public exploits are available Vendor: Stryker Equipment: Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed Vulnerability: Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication…
Stay connected