Multiple Vulnerabilities in Rapid SCADA Pose Serious Threats, Urgent Mitigations Recommended
Executive Summary: Rapid Software LLC’s industrial automation platform, Rapid SCADA, has been found susceptible to multiple critical vulnerabilities, posing significant risks of remote code execution, unauthorized access, and privilege escalation. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory detailing the potential exploits and…
Mitsubishi Electric MELSEC iQ-R, Q and L Series
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the Ethernet port on the CPU module. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following MELSEC programmable controllers are affected: 3.2 Vulnerability Overview 3.2.1 Uncontrolled…
Johnson Controls Metasys and Facility Explorer
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Johnson Controls Metasys and Facility Explorer are affected: 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED…
Siemens SINEC INS
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, intercept credentials, or escalate privileges on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: 3.2 Vulnerability Overview 3.2.1 IMPROPER…
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
Executive Summary: CVSS v3 5.4. ALERT: Vulnerable to exploitation with adjacent access/low attack complexity. Manufacturer: Zebra Technologies. Devices: ZTC Industrial ZT410, ZTC Desktop GK420d. Issue: Potential Authentication Bypass via Alternate Path or Channel. Risk Assessment: Successful exploitation of this vulnerability could permit an unauthorized individual to manipulate credentials by sending specifically…
Siemens SIMATIC PCS neo
SIMATIC PCS neo: Versions before V4.13.2. Vulnerability Overview: 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306. Affected products’ PUD Manager fails to authenticate users properly within its web service. This allows an unauthenticated attacker from an adjacent network to generate a privileged token and upload additional documents. CVE-2023-46096 has…
Ubuntu Security Notice USN-6502-1
Packages Details Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. (CVE-2023-25775) Yu Hao discovered that…
Cisco Firepower Management Center Software Log API Denial of Service Vulnerability
Summary Affected Products Workarounds Fixed Software Source:
Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability
Summary Affected Products Indicators of Compromise Workarounds Fixed Software Source:
Cisco Identity Services Engine Command Injection Vulnerabilities
Summary Affected Products Details Workarounds Fixed Software Source: