Stay connected

Trending News

OpenClinic GA
ICS, News, Vulnerabilities

OpenClinic GA (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: OpenClinic GA is a product of open-source collaboration on Source Forge Equipment: OpenClinic GA Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing…

ZOLL Defibrillator Dashboard
ICS, News, Vulnerabilities

ZOLL Defibrillator Dashboard 

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: ZOLL Equipment: Defibrillator Dashboard Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site Scripting, Storing Passwords in a Recoverable Format, Improper Privilege Management 2. RISK EVALUATION Successful…

Rockwell Automation FactoryTalk Services Platform
ICS, News, Vulnerabilities

Rockwell Automation FactoryTalk Services Platform 

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote, authenticated users to bypass FactoryTalk Security policies that are based on a computer name. 3. TECHNICAL DETAILS 3.1…

AGG Software Web Server Plugin
ICS, News, Vulnerabilities

AGG Software Web Server Plugin 

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: AGG Software Equipment: Web Server Vulnerabilities: Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution and exposure of arbitrary system files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

Advantech iView
ICS, News, Vulnerabilities

Advantech iView 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

Hillrom Medical Device Management
ICS, News, Vulnerabilities

Hillrom Medical Device Management 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn medical device management tools Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED…

Siemens SIMATIC S7-1200 and S7-1500 CPU Families
ICS, News, Vulnerabilities

Siemens SIMATIC S7-1200 and S7-1500 CPU Families 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU Families Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer\ 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write arbitrary data and code to…

Siemens JT2Go and Teamcenter Visualization
ICS, News, Vulnerabilities

Siemens JT2Go and Teamcenter Visualization (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is…

Mitsubishi Electric Factory Automation Engineering Products
ICS, News, Vulnerabilities

Mitsubishi Electric Factory Automation Engineering Products (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update B)…

Mitsubishi Electric MELFA
ICS, News, Vulnerabilities

Mitsubishi Electric MELFA (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-021-04 Mitsubishi Electric MELFA that was published January…