Mitsubishi Electric MELSEC and MELIPC Series (Update G)
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. Recovery requires a system reset. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MELSEC series CPU modules and MELIPC Series Industrial Computers…
Hitachi Energy eSOMS
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information related to eSOMS application configuration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: 3.2 Vulnerability Overview 3.2.1 GENERATION OF ERROR MESSAGE CONTAINING…
Johnson Controls Quantum HD Unity
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access debug features that were accidentally exposed. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls Quantum HD Unity products are affected: 3.2 Vulnerability Overview 3.2.1 ACTIVE DEBUG…
Cisco Identity Services Engine Command Injection Vulnerabilities
Summary Affected Products Details Workarounds Fixed Software Source:
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. “These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,” software…
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network…
Centralite Pearl Thermostat
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions Centralite Pearl Thermostat are affected: 3.2 Vulnerability Overview 3.2.1 ALLOCATION OF RESOURCES…
Dingtian DT-R002
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Dingtian DT-R002, a relay board, are affected: 3.2 Vulnerability Overview 3.2.1 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294 relay_cgi.cgi on…
Rockwell Automation Stratix 5800 and Stratix 5200
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to take control of the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix products and the contained Cisco IOS software are affected: 3.2 Vulnerability…
Hitachi Energy’s RTU500 Series Product
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash the device being accessed or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s RTU500 Series Product, are affected: 3.2 Vulnerability…
Stay connected