Trending News

Critical vulnerabilities, IoT Security, Market, News

Hitachi Energy MSM 

1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain user access credentials of the MSM web interface or cause a denial-of-service condition.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected:  3.2 VULNERABILITY…

Critical vulnerabilities, Exploit, ICS, IoT Security, Market, News

Industrial Control Links ScadaFlex II SCADA Controllers 

1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Industrial Control Links ScadaFlex II SCADA Controllers are affected:  3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL…

Cyber Security, IoT Security, Market, Security Patches

Security content of iOS 15.7.4 and iPadOS 15.7.4 

About Apple security updates For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible. For more information…

ICS, Industrial IoT (IIoT), IoT Security

Mitsubishi Electric MELSOFT iQ AppPortal 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Mitsubishi Electric  Equipment: MELSOFT iQ AppPortal  Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information…

ICS, Industrial IoT (IIoT), IoT Security, News

Johnson Controls System Configuration Tool (SCT) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely  Vendor: Johnson Controls  Equipment:  System Configuration Tool  Vulnerabilities: Sensitive Cookie Without ‘HttpOnly’ Flag, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access cookies and take over the…

Critical vulnerabilities, IoT Security, Market, News, Recommendations

Mitsubishi Electric MELSEC iQ-R Series 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Mitsubishi Electric  Equipment: MELSEC iQ-R Series  Vulnerability: Improper Input Validation  2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to cause a denial-of-service condition on a target product by sending specially crafted…

Critical vulnerabilities, Industrial IoT (IIoT), IoT Security, Market, News

Cradlepoint IBR600 

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity  Vendor: Cradlepoint Equipment: IBR600 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code and native system commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Cradlepoint IBR600 are…

Critical vulnerabilities, Industrial IoT (IIoT), IoT Security, Market, News, Recommendations

Siemens SINEC INS 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity  Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing Encryption of Sensitive Data, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Exposure…