Stay connected

Trending News

Cisco Smart Software Manager On-Prem Password Change Vulnerability 
5 days ago 3 min read  
Cisco Secure Email Gateway Arbitrary File Write Vulnerability 
5 days ago 5 min read  
Siemens RUGGEDCOM APE 1808 
2 weeks ago 3 min read  
Siemens SIMATIC WinCC 
2 weeks ago 3 min read  
Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update D) 
2 weeks ago 5 min read  
Siemens SCALANCE XM-400, XR-500 
1 month ago 11 min read  
Critical vulnerabiliities, News, Recommendations, Uncategorized, Vulnerabilities

Siemens PADS Standard/Plus Viewer 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: PADS Standard/Plus Viewer Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitations of these vulnerabilities could allow an attacker to trick a user into…

IoT, 2 years ago 8 min read  
Critical vulnerabiliities, Industrial IoT (IIoT), IoT Security, News, Recommendations

Siemens EN100 Ethernet Module 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the product crashing or the creation of a denial-of-service…

[email protected], 2 years ago 3 min read  
Critical vulnerabiliities, IoT Security, News, Recommendations, Vulnerabilities

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause crashes and unrestricted file access, impacting the product’s confidentiality, integrity, and availability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

[email protected], 2 years ago 5 min read  
Critical vulnerabiliities, ICS, News, Recommendations, Security Patches, Vulnerabilities

VMware Vulnerabilities 

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control. The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination….

IoT, 2 years ago 4 min read  
Critical vulnerabiliities, Industrial IoT (IIoT), IoT Security, News, Recommendations, Security Patches, Vulnerabilities...

Siemens SIMATIC WinCC 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC PCS, WinCC Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to escape the kiosk mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…

IoT, 2 years ago 3 min read  
Critical vulnerabiliities, IoT Security, News, Recommendations, Security Patches, Vulnerabilities

Johnson Controls Metasys 

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to lock other users out of the system and take over their accounts….

IoT, 2 years ago 2 min read  
Critical vulnerabiliities, Cyber Security, ICS, IoT Security, News, Recommendations, Vulnerabilities...

Hitachi Energy MicroSCADA Pro/X SYS600 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor…

(I)IoT, 2 years ago 6 min read  
Critical vulnerabiliities, Cyber Security, Industrial IoT (IIoT), IoT Security, Recommendations, Uncategorized, Vulnerabilities...

Mitsubishi Electric MELSEC-Q Series C Controller Module 

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series C Controller Module Vulnerability: Heap-based Buffer Overflow  2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition or allow remote code execution.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

IoT, 2 years ago 2 min read  
Critical vulnerabiliities, Recommendations

BD Alaris Plus 

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris GS, Alaris GH, Alaris CC, Alaris TIVA Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to gain unauthorized access to…

(I) IoT, 6 years ago 3 min read  
News, Recommendations

Philips IntelliVue Information Center iX 

1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips IntelliVue Information Center iX Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSMA-18-233-01 Philips IntelliVue Information Center iX (Update A) that was published August…

(I) IoT, 6 years ago 3 min read