Siemens TIM 1531 IRC Modules
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform arbitrary administrative operations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
3S-Smart Software Solutions GmbH CODESYS V3 Products
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products Vulnerabilities: Use of Insufficiently Random Values, Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…
3S-Smart Software Solutions GmbH CODESYS Control V3 Products
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a stack buffer overflow condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of WebAccess/SCADA, a SCADA…
ABB GATE-E2
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise…
Quasar Open-Source Remote Administration Tool
Summary Quasar, a legitimate open-source remote administration tool (RAT), has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation. This Analysis Report provides information on Quasar’s functions and features, along with recommendations for preventing and mitigating Quasar activity. …
Philips Alice 6 Vulnerabilities (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSMA-18-086-01 Philips Alice…
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access system data, which could result in escalation of privilege and unauthorized…
Geutebrück GmbH E2 Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Geutebrück GmbH Equipment: E2 Camera Series Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root. 3. TECHNICAL…
US ballistic missile defense systems (BMDS) open to cyber attacks
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate…
Stay connected