Stay connected

Trending News

Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques-Part II 
2 weeks ago 61 min read  
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques 
2 weeks ago 31 min read  
IOSIX IO-1020 Micro ELD 
2 weeks ago 3 min read  
Cisco Access Point Software Secure Boot Bypass Vulnerability 
3 weeks ago 4 min read  
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability 
1 month ago 6 min read  
GhostRace: Exploiting and Mitigating Speculative Race Conditions 
1 month ago 45 min read  
Critical vulnerabiliities, Cyber Security, News, Recommendations, Security Patches, Vulnerabilities

Cisco Releases Security Updates for Multiple Products 

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. Reporting or Obtaining Support for a Suspected Security…

IoT, 2 years ago 19 min read  
Critical vulnerabiliities, Cyber Security, ICS, IoT Security, News, Recommendations, Vulnerabilities...

Hitachi Energy MicroSCADA Pro/X SYS600 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor…

(I)IoT, 2 years ago 6 min read  
Critical vulnerabiliities, Cyber Security, Industrial IoT (IIoT), IoT Security, Recommendations, Uncategorized, Vulnerabilities...

Mitsubishi Electric MELSEC-Q Series C Controller Module 

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series C Controller Module Vulnerability: Heap-based Buffer Overflow  2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition or allow remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

IoT, 2 years ago 2 min read  
Critical vulnerabiliities, Cyber Security, Data breach, Exploit, Hacks, ICS, Industrial IoT (IIoT), ...

Mitsubishi Electric GOT and Tension Controller (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT and Tension Controller Vulnerabilities: Improper Handling of Exceptional Conditions, Improper Input Validation ——— Begin Update A Part 1 of 2 ——— Mitsubishi Electric PSIRT has informed CISA that further research has shown the…

IoT, 2 years ago 3 min read  
Cyber Security, Industrial IoT (IIoT), IoT Security, Remediation, Security Patches, Uncategorized, Vulnerabilities...

ICS Advisory (ICSA-22-090-01) 

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data from local files to a remote system controlled by an attacker….

IoT, 2 years ago 3 min read  
Critical vulnerabiliities, Cyber Security, ICS, Industrial IoT (IIoT), Vulnerabilities

Siemens RUGGEDCOM Devices Vulnerability 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords. 3. TECHNICAL DETAILS…

IoT, 2 years ago 3 min read  
Cyber Security, Vulnerabilities

Orpak SiteOmat 

 EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak (acquired by Gilbarco Veeder-Root) Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of Sensitive Data, Code Injection, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities…

(I) IoT, 5 years ago 4 min read