ICS Archives - Page 7 of 51 - (I)IoT Security News

Siemens Linux-based Products (Update J)

1. EXECUTIVE SUMMARY 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update I) that was published August 11, 2022, to the ICS webpage at www.cisa.gov/ics. 3. RISK EVALUATION Successful exploitation of this vulnerability could compromise…

IoT, 2 years ago 5 min read

Critical vulnerabiliities, ICS, News, Recommendations, Security Patches, Vulnerabilities

VMware Vulnerabilities

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control. The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination….

IoT, 2 years ago 4 min read

Critical vulnerabiliities, Cyber Security, ICS, IoT Security, News, Recommendations, Vulnerabilities...

Hitachi Energy MicroSCADA Pro/X SYS600

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor…

(I)IoT, 3 years ago 6 min read

Critical vulnerabiliities, Cyber Security, Data breach, Exploit, Hacks, ICS, Industrial IoT (IIoT), ...

Mitsubishi Electric GOT and Tension Controller (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT and Tension Controller Vulnerabilities: Improper Handling of Exceptional Conditions, Improper Input Validation ——— Begin Update A Part 1 of 2 ——— Mitsubishi Electric PSIRT has informed CISA that further research has shown the…

IoT, 3 years ago 3 min read

Critical vulnerabiliities, Cyber Security, ICS, Industrial IoT (IIoT), Vulnerabilities

Siemens RUGGEDCOM Devices Vulnerability

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords. 3. TECHNICAL DETAILS…

IoT, 3 years ago 3 min read

ICS, News, Vulnerabilities

Advantech ADAM-3600

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic using the hardcoded key. This could allow an attacker to achieve Web Server…

(I) IoT, 3 years ago 2 min read

ICS, News, Vulnerabilities

Fresenius Kabi Agilia Connect Infusion System

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials, Improper Access Control, Plaintext Storage of a Password, Files or Directories Accessible to External Parties,…

(I) IoT, 3 years ago 8 min read

ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC and MELIPC Series (Update A)

1. EXECUTIVE SUMMARY 2. UPDATE INFORMATION This updated advisory is a follow up to the original advisory titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series that was published on November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. 3. RISK EVALUATION Successful exploitation of these…

(I) IoT, 3 years ago 5 min read

ICS, News, Vulnerabilities

GE Gas Power ToolBoxST

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in data exfiltration or arbitrary write, overwrite, and execution. 3. TECHNICAL DETAILS…

(I) IoT, 3 years ago 4 min read

ICS, Vulnerabilities

Geutebrück G-Cam E2 and G-Code

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Geutebrück Equipment: G-Cam E2 and G-Code Vulnerabilities: Missing Authentication for Critical Function, Command Injection, Stack-based Buffer Overflow 2. RISK EVALUATION UDP Technology supplies multiple OEMs such as Geutebrück with firmware for IP cameras. Successful…

(I) IoT, 3 years ago 5 min read

Stay connected

Trending News

Bosch Rexroth IndraDrive

Delta Electronics DIAScreen

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

Delta Electronics InfraSuite Device Master

iniNet Solutions SpiderControl SCADA PC HMI Editor

VIMESA VHF/FM Transmitter Blue Plus

Siemens Linux-based Products (Update J)

VMware Vulnerabilities

Hitachi Energy MicroSCADA Pro/X SYS600

Mitsubishi Electric GOT and Tension Controller (Update A)

Siemens RUGGEDCOM Devices Vulnerability

Advantech ADAM-3600

Fresenius Kabi Agilia Connect Infusion System

Mitsubishi Electric MELSEC and MELIPC Series (Update A)

GE Gas Power ToolBoxST

Geutebrück G-Cam E2 and G-Code

Hot Topics

Bosch Rexroth IndraDrive

Delta Electronics DIAScreen

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

Delta Electronics InfraSuite Device Master

iniNet Solutions SpiderControl SCADA PC HMI Editor

VIMESA VHF/FM Transmitter Blue Plus

Categories

Bosch Rexroth IndraDrive

Delta Electronics DIAScreen

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

Delta Electronics InfraSuite Device Master

iniNet Solutions SpiderControl SCADA PC HMI Editor

VIMESA VHF/FM Transmitter Blue Plus

Latest

Popular

Bosch Rexroth IndraDrive

Delta Electronics DIAScreen

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

Delta Electronics InfraSuite Device Master

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool