Stay connected

Trending News

Fazecast jSerialComm
ICS, News, Vulnerabilities

Fazecast jSerialComm 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fazecast Equipment: jSerialComm Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

SAE IT-systems FW-50 Remote Telemetry Unit (RTU)
ICS, News, Vulnerabilities

SAE IT-systems FW-50 Remote Telemetry Unit (RTU) 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SAE IT-systems Equipment: FW-50 Remote Telemetry Unit (RTU) Vulnerabilities: Cross-site Scripting, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a…

LCDS LAquis SCADA
ICS, News, Vulnerabilities

LCDS LAquis SCADA 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…

Sierra Wireless AirLink ALEOS
ICS, News, Vulnerabilities

Sierra Wireless AirLink ALEOS (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data…

Inductive Automation Ignition
ICS, News, Vulnerabilities

Inductive Automation Ignition 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition 8 Gateway Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a…

Eaton HMiSoft VU3
ICS, News, Vulnerabilities

Eaton HMiSoft VU3 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Eaton Equipment: HMiSoft VU3 (HMIVU3 runtime not impacted) Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution or information…

Triangle MicroWorks DNP3 Outstation Libraries
ICS, News, Vulnerabilities

Triangle MicroWorks DNP3 Outstation Libraries 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Triangle MicroWorks Equipment: DNP3 Outstation Libraries Vulnerability: Stacked-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could possibly allow remote attackers to stop the execution of code on affected equipment. 3. TECHNICAL DETAILS…

Triangle MicroWorks SCADA Data Gateway
ICS, News, Vulnerabilities

Triangle MicroWorks SCADA Data Gateway 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Triangle MicroWorks Equipment: SCADA Data Gateway Vulnerabilities: Stacked-based Buffer Overflow, Out-of-Bounds Read, Type Confusion 2. RISK EVALUATION These vulnerabilities allow remote attackers to execute arbitrary code and disclose on affected installations…

Active Directory DCSync
News, White Papers

Active Directory DCSync 

INTRODUCTIONIn many environments Domain Controller and Active Directory are used to manage the network, users and computers. The organizations often need the existence of more than one Domain Controller for its Active Directory. For keeping an environment with more than one Domain Controller consistent, it…

Siemens climatix
ICS, News, Vulnerabilities

Siemens Climatix 

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Climatix Vulnerability: Cross-site Scripting, Basic XSS 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code to access confidential information without authentication. 3. TECHNICAL DETAILS 3.1…