Stay connected

Trending News

News, Vulnerabilities

BD FACSLyric (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: FACSLyric Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated medical device advisory is a follow-up to the original advisory titled ICSMA-19-029-02 BD FACSLyric that was published January 29, 2019,…

News, Vulnerabilities

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment (OSI Layer 2) Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Permissions, Privileges, and Access Controls 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory…

News, Vulnerabilities

Omron CX-Supervisor 

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-290-01 Omron CX-Supervisor that…

News, Vulnerabilities

IDenticard PremiSys 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed Vendor: IDenticard Equipment: PremiSys Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to view sensitive…

News, Vulnerabilities

Schneider Electric EVLink Parking 

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to stop the device and prevent charging, execute arbitrary commands,…

News, Vulnerabilities

AVEVA Wonderware System Platform 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Wonderware System Platform Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User Account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

News, Vulnerabilities

Mitsubishi Electric MELSEC-Q Series PLCs 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC-Q series PLCs Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to the device, causing Ethernet communication to stop….

News, Vulnerabilities

Yokogawa License Manager Service 

1. EXECUTIVE SUMMARY CVSS v8.1 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: License Manager Service Vulnerability: Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files, allowing execution of arbitrary code. 3. TECHNICAL…

News, Vulnerabilities

BD FACSLyric 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: FACSLyric Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to administrative level privileges on a workstation, which could…

News, Vulnerabilities

Stryker Medical Beds 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Public exploits are available Vendor: Stryker Equipment: Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed Vulnerability: Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication…