ICS, News, Vulnerabilities

Wibu-Systems CodeMeter (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wibu-Systems AG Equipment: CodeMeter Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release 2. UPDATE INFORMATION This updated…

ICS, News, Vulnerabilities

ENTTEC Lighting Controllers (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, Incorrect Permission Assignment for Critical Resource 2. UPDATE INFORMATION This updated advisory…

ICS, News, Vulnerabilities

Philips Patient Monitoring Devices 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3 Vulnerabilities: Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication,…

https://us-cert.cisa.gov/ics/advisories/icsa-20-254-01
ICS, News, Vulnerabilities

AVEVA Enterprise Data Management Web 

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Equipment: Enterprise Data Management Web Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected device. 3. TECHNICAL DETAILS 3.1…

ICS, News, Vulnerabilities

FATEK Automation PLC WinProladder 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: FATEK Automation Equipment: PLC WinProladder Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may cause a denial-of-service event and remote code execution. …

ICS, News, Vulnerabilities

HMS Networks Ewon Flexy and Cosy 

1. EXECUTIVE SUMMARY CVSS v3 2.3 ATTENTION: Low skill level to exploit Vendor: HMS Networks Equipment: Ewon Flexy and Cosy Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to retrieve limited confidential information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

ICS, News, Vulnerabilities

Siemens SIMATIC RTLS Locating Manager 

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerabilities: Incorrect Default Permissions, Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a privileged local user to escalate privileges. 3. TECHNICAL DETAILS 3.1…

ICS, News, Vulnerabilities

Siemens License Management Utility 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: License Management Utility Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local users to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of License…

ICS, News, Vulnerabilities

Siemens Spectrum Power 

1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Spectrum Power Vulnerabilities: Cleartext Storage of Sensitive Information, Exposure of Information Through Directory Listing 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized attacker to retrieve a list of software users, or in certain…

ICS, News, Vulnerabilities

Siemens Polarion Subversion Webclient 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Polarion Subversion Webclient Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Cross-site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities where an attacker injects client-side…