19 Jun 2021

Category: News

Medtronic Conexus Radio Frequency Telemetry Protocol
ICS, News, Vulnerabilities

Medtronic Conexus Radio Frequency Telemetry Protocol (Update C) 

1. EXECUTIVE SUMMARY
CVSS v3 9.3
ATTENTION: Exploitable with adjacent access/low attack complexity
Vendor: Medtronic
Equipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed below
Vulnerabilities: Improper Access Control, Cleartext Transmission of Sensitive Information
2. UPDATE INFORMATION
This updated advisory is a follow-up to…

Rockwell Automation FactoryTalk AssetCentre
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk AssetCentre
Vulnerabilities: OS Command Injection, Deserialization of Untrusted Data, SQL Injection, Improperly Restricted Functions
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow unauthenticated attackers to perform arbitrary command execution, SQL injection,…

Philips Gemini PET/CT Family
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 2.4
ATTENTION: Low skill level to exploit
Vendor: Philips
Equipment: Gemini PET/CT Family
Vulnerability: Storage of Sensitive Data in a Mechanism Without Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability involving removable media could allow access to sensitive information (including patient information)….

Weintek EasyWeb cMT
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Weintek
Equipment: cMT
Vulnerabilities: Code Injection, Improper Access Control, Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to access sensitive information and execute arbitrary code to gain…

GE MU320E
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE
Equipment: MU320E
Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Inadequate Encryption Strength
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to escalate unnecessary privileges and use hard-coded credentials…

GE Reason DR60
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE
Equipment: Reason DR60
Vulnerabilities: Hard-coded Password, Code Injection, Execution with Unnecessary Privileges
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to take full control of the digital…

Ovarro TBox
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Ovarro
Equipment: TBoxLT2 (All models), TBox MS-CPU32, TBox MS-CPU32-S2, TBox RM2 (All models), TBox TG2 (All models)
Vulnerabilities: Code Injection, Incorrect Permission Assignment for Critical Resource, Uncontrolled Resource Consumption, Insufficiently Protected Credentials, Use of Hard-coded…

Johnson Controls Exacq Technologies exacqVision
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls
Equipment: exacqVision
Vulnerability: Information Exposure
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service…