Stay connected

Trending News

ABB System 800xA Information Manager
ICS, News, Vulnerabilities

ABB System 800xA Information Manager 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: System 800xA Information Manager Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server. 3. TECHNICAL DETAILS…

Delta Industrial Automation DOPSoft
ICS, News, Vulnerabilities

Delta Industrial Automation DOPSoft 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. 3….

Mitsubishi Electric Factory Automation Engineering Software Products
ICS, News, Vulnerabilities

Mitsubishi Electric Factory Automation Engineering Software Products 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Factory Automation Engineering Software Products Vulnerabilities: Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to send…

Grundfos CIM 500
ICS, News, Vulnerabilities

Grundfos CIM 500 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow access to cleartext credential data. 3. TECHNICAL DETAILS 3.1…

Rockwell FactoryTalk Services Platform XXE
ICS, News, Vulnerabilities

Rockwell FactoryTalk Services Platform XXE 

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service condition and to the arbitrary reading of any local…

Inductive Automation Ignition
ICS, News, Vulnerabilities

Inductive Automation Ignition (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-147-01 Inductive Automation Ignition (Update A) that…

Treck TCP/IP Stack
ICS, News, Vulnerabilities

Treck TCP/IP Stack (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control CISA is aware of a public report, known as “Ripple20” that…

Rockwell FactoryTalk View SE
ICS, News, Vulnerabilities

Rockwell FactoryTalk View SE 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerabilities: Cleartext Storage of Sensitive Information, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to unauthorized access to server data. 3. TECHNICAL DETAILS 3.1…

Honeywell ControlEdge PLC and RTU
ICS, News, Vulnerabilities

Honeywell ControlEdge PLC and RTU 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Honeywell Equipment: ControlEdge PLC and RTU Vulnerabilities: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain passwords and session tokens. 3. TECHNICAL DETAILS 3.1 AFFECTED…

ABB Device Library Wizard
ICS, News, Vulnerabilities

ABB Device Library Wizard 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: Device Library Wizard Vulnerability: Insecure Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-level user to escalate privileges and fully compromise the device. 3. TECHNICAL DETAILS 3.1…