Rockwell Automation Stratix 5100 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled “ICSA-17-299-02 Rockwell Automation Stratix 5100” that was published October…
Fr. Sauter AG CASE Suite
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fr. Sauter AG Equipment: CASE Suite Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely retrieve unauthorized files from the system. 3….
Circontrol CirCarLife
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Circontrol Equipment: CirCarLife Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials stored in clear text…
AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC. (AVEVA) Equipment: InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) Vulnerabilities: Stack-based Buffer Overflow, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…
Schneider Electric Software Update (SESU)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Software Update (SESU) Vulnerability: DLL hijacking 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-305-02 Schneider Electric Software Update that was published November 1, 2018, on the…
Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer
Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuses the…
Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.1 ——— Begin Update A Part 1 of 5 ——– ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available ——— End Update A Part 1 of 5 ——— Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory…
Vecna VGo Robot (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ——— Begin Update A Part 1 of 6 ——— ATTENTION: Exploitable remotely/low skill level to exploit ——— End Update A Part 1 of 6 ——— Vendor: Vecna Technologies, Inc. (Vecna) Equipment: VGo Robot ——— Begin Update A Part 2 of 6 ———…
PEPPERL+FUCHS CT50-Ex
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges and obtain access to sensitive information. 3. TECHNICAL DETAILS 3.1…
Systemd flaw could cause the crash or hijack of vulnerable Linux machines
Systemd is affected by a security vulnerability that can be exploited to crash a vulnerable Linux machine, and in the worst case to execute malicious code. An attacker can trigger the vulnerability using maliciously crafted DHCPv6 packets and modifying portions of memory of the vulnerable…
Stay connected