Stay connected

Trending News

Johnson Controls Exacq Technologies exacqVision
ICS, News, Vulnerabilities

Johnson Controls Exacq Technologies exacqVision 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls Equipment: exacqVision Vulnerability: Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to view system-level information about the exacqVision Web Service…

Hitachi ABB Power Grids eSOMS Telerik
ICS, News, Vulnerabilities

Hitachi ABB Power Grids eSOMS Telerik 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: eSOMS Telerik Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Improper Input Validation, Inadequate Encryption Strength, Insufficiently Protected Credentials, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…

Advantech WebAccess/SCADA
ICS, News, Vulnerabilities

Advantech WebAccess/SCADA 

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to steal a user’s cookie/session token or redirect an authorized user to a malicious webpage. 3….

Hitachi ABB Power Grids AFS Series
ICS, News, Vulnerabilities

Hitachi ABB Power Grids AFS Series 

1. EXECUTIVE SUMMARY Hitachi ABB Power Grids AFS Series CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: AFS Series Vulnerability: Infinite Loop 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on one of the ports in a…

BD Alaris 8015 PC Unit
ICS, News, Vulnerabilities

BD Alaris 8015 PC Unit (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: BD Alaris 8015 PC Unit Vulnerabilities: Insufficiently Protected Credentials, Security Features 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSMA-17-017-02 BD Alaris 8015 Insufficiently…

Schneider Electric IGSS SCADA Software
ICS, News, Vulnerabilities

Schneider Electric IGSS SCADA Software 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 3. TECHNICAL…

Siemens Solid Edge File Parsing
ICS, News, Vulnerabilities

Siemens Solid Edge File Parsing 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Improper Restriction of XML External Entity Reference, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a denial-of-service condition, and could lead to arbitrary code…

Luxion KeyShot (Update A)
ICS, News, Vulnerabilities

Luxion KeyShot (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Luxion Equipment: KeyShot products Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Insufficient UI Warning of Dangerous Operations, Untrusted Pointer Dereference, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-035-01 Luxion…

TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices
ICS, News, Vulnerabilities

TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service…

Siemens TCP Stack of SIMATIC MV400
ICS, News, Vulnerabilities

Siemens TCP Stack of SIMATIC MV400 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC MV400 Vulnerabilities: Improper Validation of Specified Index, Position, or Offset in Input; Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition or affect…