Trending News

Ypsomed mylife
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ypsomed Equipment: mylife Cloud, mylife Mobile Application Vulnerabilities: Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain…

Schneider Electric C-Bus Toolkit
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enable remote access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

Siemens RWG Universal Controllers
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: RWG Universal Controllers Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1…

Siemens Linux-based Products
ICS, News, Vulnerabilities

Siemens Linux-based Products (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update B) that was published July 13, 2021, to the…

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module
ICS, News, Vulnerabilities

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module Vulnerabilities: Missing Authentication for Critical Function, Inadequate Encryption Strength 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…

Rockwell Automation MicroLogix 1100
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell…

MDT AutoSave
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MDT Software Equipment: MDT AutoSave Vulnerabilities: Inadequate Encryption Strength, SQL Injection, Relative Path Traversal, Command Injection, Uncontrolled Search Path Element, Generation of Error Message Containing Sensitive Information, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION…

VISAM Automation Base (VBASE)
ICS, News, Vulnerabilities

VISAM Automation Base (VBASE) (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-084-01…

Philips Vue PACS
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Philips Equipment: Vue PACS Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Improper Authentication, Improper Initialization, Use of a Broken or Risky Cryptographic Algorithm, Protection…