Stay connected

Trending News

Critical vulnerabiliities, ICS, News, Recommendations, Security Patches, Vulnerabilities

VMware Vulnerabilities 

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control. The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination….

Critical vulnerabiliities, Industrial IoT (IIoT), IoT Security, News, Recommendations, Security Patches, Vulnerabilities...

Siemens SIMATIC WinCC 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC PCS, WinCC Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to escape the kiosk mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products…

Critical vulnerabiliities, IoT Security, News, Recommendations, Security Patches, Vulnerabilities

Johnson Controls Metasys 

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to lock other users out of the system and take over their accounts….

Cyber Security, Industrial IoT (IIoT), IoT Security, Remediation, Security Patches, Uncategorized, Vulnerabilities...

ICS Advisory (ICSA-22-090-01) 

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data from local files to a remote system controlled by an attacker….

News, Security Patches, Vulnerabilities

Security expert discovered Kernel Level Privilege Escalation vulnerability in the Availability Suite Service component of Oracle Solaris 10 and 11.3 

Security researchers from Trustwave have discovered a new high severity vulnerability, tracked as CVE-2018-2892, that affected the Availability Suite Service component in Oracle Solaris 10 and 11.3. The flaw could be exploited by a remote authenticated attacker to execute code with elevated privileges. “A local…