Stay connected

Trending News

Critical vulnerabiliities, Cyber Security, ICS, Industrial IoT (IIoT), Vulnerabilities

Siemens RUGGEDCOM Devices Vulnerability 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords. 3. TECHNICAL DETAILS…

Advantech ADAM-3600
ICS, News, Vulnerabilities

Advantech ADAM-3600 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic using the hardcoded key. This could allow an attacker to achieve Web Server…

Fresenius Kabi Agilia Connect Infusion System
ICS, News, Vulnerabilities

Fresenius Kabi Agilia Connect Infusion System 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials, Improper Access Control, Plaintext Storage of a Password, Files or Directories Accessible to External Parties,…

Mitsubishi Electric MELSEC and MELIPC Series
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC and MELIPC Series (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC and MELIPC Series Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow up to the original advisory titled ICSA-21-334-02 Mitsubishi…

GE Gas Power ToolBoxST
ICS, News, Vulnerabilities

GE Gas Power ToolBoxST 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in data exfiltration or arbitrary write, overwrite, and execution. 3. TECHNICAL DETAILS…

Geutebrück G-Cam E2 and G-Code
ICS, Vulnerabilities

Geutebrück G-Cam E2 and G-Code 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Geutebrück Equipment: G-Cam E2 and G-Code Vulnerabilities: Missing Authentication for Critical Function, Command Injection, Stack-based Buffer Overflow 2. RISK EVALUATION UDP Technology supplies multiple OEMs such as Geutebrück with firmware for IP cameras. Successful…

LCDS LAquis SCADA
ICS, Vulnerabilities

LCDS LAquis SCADA 

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to access sensitive information or execute arbitrary code. 3….

Delta Electronics DIAScreen
ICS, Vulnerabilities

Delta Electronics DIAScreen 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Type Confusion, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed and may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

Delta Electronics DOPSoft
ICS, News, Vulnerabilities

Delta Electronics DOPSoft (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerabilities: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-182-03 Delta Electronics DOPSoft that was published July 1, 2021, on the ICS webpage on us-cert.cisa.gov. 3….

Mitsubishi Electric GOT
ICS, News, Vulnerabilities

Mitsubishi Electric GOT (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-112-02 Mitsubishi Electric GOT that was published April 22, 2021, on the ICS webpage on us-cert.cisa.gov. 3. RISK EVALUATION…