CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East
A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks…
Siemens OpenSSL Vulnerability in Industrial Products
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Products Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-226-02 Siemens OpenSSL Vulnerability in Industrial Products (Update A) that was…
Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable locally/low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) Vulnerabilities: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-226-01 Siemens SIMATIC STEP 7…
Siemens Medium Voltage SINAMICS Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Medium Voltage SINAMICS Products Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-128-01 Siemens Medium Voltage SINAMICS Products that…
Siemens SIMATIC WinCC OA Operator IOS App (Update A)
1. EXECUTIVE SUMMARY CVSS v3 4.0 Vendor: Siemens Equipment: SIMATIC WinCC OA iOS App Vulnerability: File and Directory Information Exposure. 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-109-01 Siemens SIMATIC WinCC OA Operator iOS App that was published…
Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the…
Siemens Industrial Products (Update H)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update G) published September 11,…
Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC, SINUMERIK, and PROFINET IO Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-079-02 Siemens SIMATIC, SINUMERIK, and PROFINET IO that was published March…
New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery…
Carestream Vue RIS
1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Carestream Equipment: Carestream Vue RIS Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION An attacker with access to the network of the affected system can passively read traffic. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Stay connected