GE Grid Solutions Reason RT Clocks
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Low skill level to exploit/exploitable remotely Vendor: GE Equipment: Grid Solutions Reason RT Clocks Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to sensitive information, execution of arbitrary code, and cause the device…
SWARCO CPU LS4000
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SWARCO TRAFFIC SYSTEMS Equipment: CPU LS4000 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0
A few days ago, a new remote code execution vulnerability was disclosed for Apache Tomcat. Affected versions are: Apache Tomcat 10.x < 10.0.0-M5 Apache Tomcat 9.x < 9.0.35 Apache Tomcat 8.x < 8.5.55 Apache Tomcat 7.x < 7.0.104 In other words, all versions of tomcat…
Inductive Automation Ignition (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-147-01 Inductive Automation Ignition that was published…
Johnson Controls Kantech EntraPass
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could potentially allow an authorized low-privileged user to gain full system-level privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED…
Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017…
Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Software House C•CURE 9000 and American Dynamics victor Video Management System Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may…
Schneider Electric EcoStruxure Operator Terminal Expert
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerabilities: SQL Injection, Path Traversal, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution. 3. TECHNICAL…
Rockwell Automation EDS Subsystem
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Rockwell Automation Equipment: EDS Subsystem Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a denial-of-service condition….
Emerson OpenEnterprise
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or…
Stay connected