Stay connected

Trending News

Critical vulnerabiliities, Industrial IoT (IIoT), IoT Security, Market, News, Recommendations

Siemens SINEC INS 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity  Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing Encryption of Sensitive Data, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Exposure…

Industrial IoT (IIoT), News, Recommendations, Reports

Siemens EN100 Ethernet Module 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the affected application leading to a…

Critical vulnerabiliities, Industrial IoT (IIoT), IoT Security, News, Recommendations

Siemens EN100 Ethernet Module 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the product crashing or the creation of a denial-of-service…

Critical vulnerabiliities, Industrial IoT (IIoT), IoT Security, News, Recommendations, Security Patches, Vulnerabilities...

Siemens SIMATIC WinCC 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC PCS, WinCC Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to escape the kiosk mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…

Critical vulnerabiliities, Cyber Security, Industrial IoT (IIoT), IoT Security, Recommendations, Uncategorized, Vulnerabilities...

Mitsubishi Electric MELSEC-Q Series C Controller Module 

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series C Controller Module Vulnerability: Heap-based Buffer Overflow  2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition or allow remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

Critical vulnerabiliities, Cyber Security, Data breach, Exploit, Hacks, ICS, Industrial IoT (IIoT), ...

Mitsubishi Electric GOT and Tension Controller (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT and Tension Controller Vulnerabilities: Improper Handling of Exceptional Conditions, Improper Input Validation ——— Begin Update A Part 1 of 2 ——— Mitsubishi Electric PSIRT has informed CISA that further research has shown the…

Cyber Security, Industrial IoT (IIoT), IoT Security, Remediation, Security Patches, Uncategorized, Vulnerabilities...

ICS Advisory (ICSA-22-090-01) 

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data from local files to a remote system controlled by an attacker….

Critical vulnerabiliities, Cyber Security, ICS, Industrial IoT (IIoT), Vulnerabilities

Siemens RUGGEDCOM Devices Vulnerability 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords. 3. TECHNICAL DETAILS…

Industrial IoT (IIoT), News, Vulnerabilities

Security bug in Swann IoT Camera allowed to access video feeds 

Security experts have discovered a security glitch in Swann IoT camera that could be exploited by attackers to access video feeds. Security experts from Pen Test Partners (Andrew Tierney, Chris Wade and Ken Munro) along with security researchers Alan Woodward, Scott Helme and Vangelis Stykas have discovered a security glitch in Swann IoT camera that…

Industrial IoT (IIoT), News

GDPR – PyRoMineIoT spreads via EternalRomance exploit and targets targets IoT devices in Iran and Saudi Arabia. 

Fortinet discovered PyRoMineIoT, a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance exploit to spread. PyRoMineIoT is a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance remote code execution exploit to spread, the malware also abuses infected machines to scan for vulnerable Internet of Things (IoT) devices….