Siemens Parasolid
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the vulnerability to perform remote code execution in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens are affected: 3.2…
VMware Releases Security Advisory for Aria Operations
Security Advisory: VMSA-2024-0001 1. Impacted Products 2. Introduction A Missing Access Control vulnerability in Aria Automation has been privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products. 3. Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Description: Aria Automation contains…
Mitsubishi Electric MELSEC iQ-R, Q and L Series
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the Ethernet port on the CPU module. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following MELSEC programmable controllers are affected: 3.2 Vulnerability Overview 3.2.1 Uncontrolled…
Johnson Controls Metasys and Facility Explorer
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Johnson Controls Metasys and Facility Explorer are affected: 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED…
Siemens SINEC INS
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition, intercept credentials, or escalate privileges on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: 3.2 Vulnerability Overview 3.2.1 IMPROPER…
Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with administrative privileges to execute arbitrary code on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: 3.2 Vulnerability Overview 3.2.1 ACCEPTANCE OF EXTRANEOUS…
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
Executive SummaryCVSS v3 5.4ALERT: Vulnerable to exploitation with adjacent access/low attack complexityManufacturer: Zebra TechnologiesDevices: ZTC Industrial ZT410, ZTC Desktop GK420dIssue: Potential Authentication Bypass via Alternate Path or Channel Risk AssessmentSuccessful exploitation of this vulnerability could permit an unauthorized individual to manipulate credentials by sending specifically…
Siemens SIMATIC PCS neo
SIMATIC PCS neo: Versions before V4.13.2 Vulnerability Overview3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306Affected products’ PUD Manager fails to authenticate users properly within its web service. This allows an unauthenticated attacker from an adjacent network to generate a privileged token and upload additional documents.CVE-2023-46096 has…
Mitsubishi Electric MELSEC and MELIPC Series (Update G)
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. Recovery requires a system reset. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MELSEC series CPU modules and MELIPC Series Industrial Computers…
Hitachi Energy eSOMS
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information related to eSOMS application configuration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: 3.2 Vulnerability Overview 3.2.1 GENERATION OF ERROR MESSAGE CONTAINING…
Stay connected