Stay connected

Trending News

Critical vulnerabiliities, ICS, Market, News, Recommendations

Mitsubishi Electric GT SoftGOT2000 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: GT SoftGOT2000 Vulnerability: Operating System (OS) Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric…

ICS, Market, News, Recommendations, Remediation, Uncategorized

Nokia ASIK AirScale System Module 

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity  Vendor: Nokia  Equipment: ASIK AirScale 5G Common System Module Vulnerabilities: Improper Access Control for Volatile Memory Containing Boot Code, Assumed-Immutable Data is Stored in Writable Memory 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the execution…

ICS, IoT Security, News, Uncategorized

Siemens Linux-based Products (Update J) 

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update I) that was published August 11, 2022, to the…

Critical vulnerabiliities, ICS, News, Recommendations, Security Patches, Vulnerabilities

VMware Vulnerabilities 

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control. The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination….

Critical vulnerabiliities, Cyber Security, ICS, IoT Security, News, Recommendations, Vulnerabilities...

Hitachi Energy MicroSCADA Pro/X SYS600 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor…

Critical vulnerabiliities, Cyber Security, Data breach, Exploit, Hacks, ICS, Industrial IoT (IIoT), ...

Mitsubishi Electric GOT and Tension Controller (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT and Tension Controller Vulnerabilities: Improper Handling of Exceptional Conditions, Improper Input Validation ——— Begin Update A Part 1 of 2 ——— Mitsubishi Electric PSIRT has informed CISA that further research has shown the…

Critical vulnerabiliities, Cyber Security, ICS, Industrial IoT (IIoT), Vulnerabilities

Siemens RUGGEDCOM Devices Vulnerability 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords. 3. TECHNICAL DETAILS…

Advantech ADAM-3600
ICS, News, Vulnerabilities

Advantech ADAM-3600 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic using the hardcoded key. This could allow an attacker to achieve Web Server…

Fresenius Kabi Agilia Connect Infusion System
ICS, News, Vulnerabilities

Fresenius Kabi Agilia Connect Infusion System 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials, Improper Access Control, Plaintext Storage of a Password, Files or Directories Accessible to External Parties,…

Mitsubishi Electric MELSEC and MELIPC Series
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC and MELIPC Series (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC and MELIPC Series Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow up to the original advisory titled ICSA-21-334-02 Mitsubishi…