1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Martem Equipment: TELEM-GW6/GWM ——— Begin Update B Part 1 of 5 ——– Vulnerabilities: Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion, Cross-Site Scripting ——— End Update B Part 1…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability requires an attacker to discover a valid user account, which could be used to gain access to the application without authentication….

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PowerLogic PM5560 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow user input to be manipulated, allowing for remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely reboot the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

    1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Qualcomm Life Equipment: Capsule Datacaptor Terminal Server (DTS) Vulnerability: Code Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute unauthorized code to obtain administrator-level privileges on the…

Multiple versions of cardiovascular imaging and information management software from Philips have been found to contain vulnerabilities that could lead to escalated privileges and arbitrary code execution. The first vulnerability, CVE-2018-14787, is a high-severity flaw (CVSS score of 7.3) found in versions 2.x or prior of Philips’ IntelliSpace…

A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed…

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. A vulnerability in Microsoft’s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass…

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts…