Stay connected

Trending News

Siemens PROFINET DCP
ICS, News, Vulnerabilities

Siemens PROFINET DCP (Update S) 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…

Rockwell Automation 1734-AENTR Series B and Series C
ICS, News, Vulnerabilities

Rockwell Automation 1734-AENTR Series B and Series C 

1. EXECUTIVE SUMMARY CVSS v3 7.5 Rockwell Automation 1734-AENTR Series B and Series C ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: 1734-AENTR Series B and Series C Vulnerabilities: Improper Access Control, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to unauthorized…

Schneider Electric EcoStruxure Building Operation (EBO)
ICS, News, Vulnerabilities

Schneider Electric EcoStruxure Building Operation (EBO) 

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Improper Access Control, Windows Unquoted Search Path 2. RISK EVALUATION Successful exploitation…

Hitachi ABB Power Grids Ellipse EAM
ICS, News, Vulnerabilities

Hitachi ABB Power Grids Ellipse EAM 

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to steal sensitive information, hijack a user’s…

MB connect line mbCONNECT24, mymbCONNECT24
ICS, News, Vulnerabilities

MB connect line mbCONNECT24, mymbCONNECT24 

1. EXECUTIVE SUMMARY MB connect line mbCONNECT24, mymbCONNECT24 CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: MB connect line Equipment: mymbCONNECT24, mbCONNECT24 Vulnerabilities: MB Improper Privilege Management, Server-side Request Forgery (SSRF), Cross-site Scripting, Uncontrolled Resource Consumption, Open Redirect, Insecure Default Initialization of Resource, PHP Remote File…

PerFact OpenVPN-Client
ICS, News, Vulnerabilities

PerFact OpenVPN-Client 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PerFact Equipment: OpenVPN-Client Vulnerability: External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for local privilege escalation or remote code execution through a malicious webpage. 3. TECHNICAL…

Fatek FvDesigner
ICS, News, Vulnerabilities

Fatek FvDesigner 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fatek Equipment: FvDesigner Vulnerabilities: Use After Free, Access of Uninitialized Pointer, Stack-based Buffer Overflow, Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to read/modify information, execute arbitrary, and/or…

Rockwell Automation Logix Controllers
ICS, News, Vulnerabilities

Rockwell Automation Logix Controllers (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-056-03 Rockwell Automation Logix Controllers that…

ProSoft Technology ICX35
ICS, News, Vulnerabilities

ProSoft Technology ICX35 

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ProSoft Technology Equipment: ICX35-HWC-A and ICX35-HWC-E Vulnerability: Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change the current user’s password and alter device configurations. 3….

Advantech BB-ESWGP506-2SFP-T
ICS, News, Vulnerabilities

Advantech BB-ESWGP506-2SFP-T 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: BB-ESWGP506-2SFP-T Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1…