Stay connected

Trending News

26 Jul 2021

Category: Vulnerabilities

ThroughTek P2P SDK
ICS, News, Vulnerabilities

ThroughTek P2P SDK 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: ThroughTek Equipment: P2P SDK Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION ThroughTek supplies multiple original equipment manufacturers of IP cameras with P2P connections as part of its cloud platform. Successful exploitation of this vulnerability could…

Automation Direct CLICK PLC CPU Modules
ICS, News, Vulnerabilities

Automation Direct CLICK PLC CPU Modules 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automation Direct Equipment: CLICK PLC CPU modules Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Transmission of Sensitive Information, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker…

OpenClinic GA
ICS, News, Vulnerabilities

OpenClinic GA (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: OpenClinic GA is a product of open-source collaboration on Source Forge Equipment: OpenClinic GA Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing…

ZOLL Defibrillator Dashboard
ICS, News, Vulnerabilities

ZOLL Defibrillator Dashboard 

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: ZOLL Equipment: Defibrillator Dashboard Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site Scripting, Storing Passwords in a Recoverable Format, Improper Privilege Management 2. RISK EVALUATION Successful…

Rockwell Automation FactoryTalk Services Platform
ICS, News, Vulnerabilities

Rockwell Automation FactoryTalk Services Platform 

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote, authenticated users to bypass FactoryTalk Security policies that are based on a computer name. 3. TECHNICAL DETAILS 3.1…

AGG Software Web Server Plugin
ICS, News, Vulnerabilities

AGG Software Web Server Plugin 

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: AGG Software Equipment: Web Server Vulnerabilities: Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution and exposure of arbitrary system files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

Advantech iView
ICS, News, Vulnerabilities

Advantech iView 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

Hillrom Medical Device Management
ICS, News, Vulnerabilities

Hillrom Medical Device Management 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn medical device management tools Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED…

Siemens JT2Go and Teamcenter Visualization
ICS, News, Vulnerabilities

Siemens JT2Go and Teamcenter Visualization (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is…