Siemens Spectrum Power 7
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to inject arbitrary code to the update script and escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: 3.2 Vulnerability Overview 3.2.1 Incorrect Permission…
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. CISA encourages users and administrators to review the following…
Siemens SCALANCE W1750D
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information or steal the unsuspecting user’s session. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20…
Dataprobe iBoot-PDU (Update A)
1. EXECUTIVE SUMMARY 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-263-03 Dataprobe iBoot-PDU that was published September 20, 2022, on the ICS webpage on cisa.gov/ICS. 3. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to…
Siemens SIMATIC Industrial Products
1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC industrial products Vulnerability: Time-of-check Time-of-use (TOCTOU) Race Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user to potentially enable escalation of privilege via local access. 3. TECHNICAL DETAILS 3.1 AFFECTED…
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on January 26, 2023.These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-026-01 Delta Electronics CNCSoft…
Hitachi Energy MicroSCADA Pro/X SYS600 Products
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA X SYS600, MicroSCADA Pro Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to execute administrator level scripts. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
VMware Releases Security Updates for Multiple products
VVMware has released security updates to address multiple vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. VMSA-2022-0031 1. Impacted Products VMware vRealize Network Insight (vRNI) 2. Introduction Multiple vulnerabilities in VMware vRealize Network Insight…
Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
Summary A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.This vulnerability is due to insufficient input validation of received Cisco Discovery…
Horner Automation Remote Compact Controller
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Horner Automation Equipment: Remote Compact Controller (RCC) 972 Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Excessive Reliance on Global Variables 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain credentials…
Stay connected