Geutebrück GmbH E2 Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Geutebrück GmbH Equipment: E2 Camera Series Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root. 3. TECHNICAL…
US ballistic missile defense systems (BMDS) open to cyber attacks
U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit US DoD Inspector General’s report revealed United States’ ballistic missile defense systems (BMDS) fail to implements cyber security requirements. The U.S. Department of Defense Inspector General published a report this week that revealed that lack of adequate…
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers. Dubbed as ‘Magellan‘ by Tencent’s Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected…
Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Schneider Electric GUIcon Eurotherm
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Eurotherm by Schneider Electric GUIcon Vulnerabilities: Type Confusion, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute code with privileges within…
Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers
1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this device, it may store protected health information (PHI)…
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update N)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…
Siemens Industrial Products (Update J)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update I) published November 13,…
Philips Alice 6 Vulnerabilities (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-18-086-01 Philips Alice…
Siemens SINUMERIK Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow, Uncaught Exception 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause denial-of-service…
Stay connected