Mitsubishi Electric MELSEC-Q Series C Controller Module
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series C Controller Module Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition or allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Mitsubishi Electric GOT and Tension Controller (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT and Tension Controller Vulnerabilities: Improper Handling of Exceptional Conditions, Improper Input Validation ——— Begin Update A Part 1 of 2 ——— Mitsubishi Electric PSIRT has informed CISA that further research has shown the…
ICS Advisory (ICSA-22-090-01)
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data from local files to a remote system controlled by an attacker….
Exploit for Apple iOS version 12.1.3
Following our previous blog post “Analysis and Reproduction of iOS/OSX Vulnerability: CVE-2019-7286” we discussed the details of CVE-2019-7286 vulnerability – a double-free vulnerability that was patched in the previous release of iOS and was actively exploited in the wild. There is no public information about…
Flaws in the design of IoT devices prevent them from notifying homeowners about problems
esign flaws in smart home Internet of Things (IoT) devices that allow third parties to prevent devices from sharing information have been identified by researchers at North Carolina State University. On storage constrained IoT devices, the lack of buffering event notifications and content in embedded channels presents…
Several IoT botnet C2s compromised by a threat actor due to weak credentials
Introduction Most IoT botnets including Mirai and QBot count on getting access to the victim using weak/default credentials. However, a lot of times the threat actors themselves have poor opsec, with weak and default passwords in their command and control server. In theory, another black…
Hacking IoT hackers: How to crash Mirai IoT command and control servers
Introduction Just like every piece of software code, malware are not immune to vulnerabilities. In fact, most malware do not go through the process of Quality Control, and have more probability to have a bug. Sometimes these bugs can be (mis)used for various motives. In…
Tens of flaws in Samsung SmartThings Hub expose smart home to attack
Cisco Talos researchers found tens of flaws in Samsung SmartThings Hub controller that potentially expose smart home devices to attack Cisco Talos researchers have discovered 20 vulnerabilities in Samsung SmartThings Hub controller that potentially expose any supported third-party smart home devices to cyber attack. “Cisco Talos…
Sony addresses remotely exploitable flaws in Sony IPELA E Network Cameras
Sony fixed 2 remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code. Sony addressed two remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code…
wolfMQTT Client Library Adds End-to-End Encryption for M2M and IoT
WolfSSL recently released the wolfMQTT client library, a security add-on that provides SSL/TLS encryption for the Message Queuing Telemetry Transport (MQTT) protocol. MQTT is a publisher/subscriber based architecture, in which systems communicate among each other by publishing messages and subscribing to topics through TCP/IP network…
Stay connected