Stay connected

Trending News

24 Oct 2021

Category: Vulnerabilities

Hillrom Medical Device Management
ICS, News, Vulnerabilities

Hillrom Medical Device Management 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn medical device management tools Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED…

Siemens JT2Go and Teamcenter Visualization
ICS, News, Vulnerabilities

Siemens JT2Go and Teamcenter Visualization (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is…

Mitsubishi Electric Factory Automation Engineering Products
ICS, News, Vulnerabilities

Mitsubishi Electric Factory Automation Engineering Products (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update B)…

Mitsubishi Electric MELFA
ICS, News, Vulnerabilities

Mitsubishi Electric MELFA (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-021-04 Mitsubishi Electric MELFA that was published January…

Johnson Controls Sensormatic Tyco AI
ICS, News, Vulnerabilities

Johnson Controls Sensormatic Tyco AI 

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Tyco AI Vulnerability: Off-by-one Error 2. RISK EVALUATION Under specific circumstances, a local attacker could use this vulnerability to obtain super-user access to the underlying openSUSE Linux operating system. 3. TECHNICAL DETAILS…

OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5
ICS, News, Vulnerabilities

OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5 

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Unified Automation GmbH Equipment: .NET applications Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read any file on the file system. 3….

Siemens SCALANCE W1750D
ICS, News, Vulnerabilities

Siemens SCALANCE W1750D 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Authentication, Classic Buffer Overflow, Command Injection, Improper Input Validation, Race Condition, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code as a…

Siemens SIMATIC S7-1500
ICS, News, Vulnerabilities

Siemens SIMATIC S7-1500 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518F-4 Vulnerabilities: Improper Initialization, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these Intel product vulnerabilities could allow unauthorized privilege escalation. 3. TECHNICAL DETAILS…

Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices
ICS, News, Vulnerabilities

Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. UPDATE INFORMATION This updated advisory is a follow-up to the original…