Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility Vulnerabilities: Cleartext Storage of Sensitive Information, Cleartext Transmission of Sensitive Information, Incorrectly Specified Destination in a Communication Channel 2. RISK EVALUATION Successful exploitation…
Moxa PT-7528 and PT-7828 Series Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: PT-7528 Series and PT-7828 Series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Weak Password Requirements, Information Exposure 2. RISK…
Moxa EDS-G516E and EDS-510E Series Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G516E series, and EDS-510E series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Classic Buffer Overflow, Cleartext Transmission of Sensitive Information,…
Honeywell WIN-PAK
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: WIN-PAK Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1…
B&R Industrial Automation Studio and Automation Runtime
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: Automation Studio and Automation Runtime Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices. 3. TECHNICAL…
Rockwell Automation FactoryTalk Diagnostics
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. 3. TECHNICAL DETAILS…
Rockwell Automation FactoryTalk Diagnostics
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. 3. TECHNICAL DETAILS…
Spacelabs Xhibit Telemetry Receiver (XTR)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits known Vendor: Spacelabs Equipment: Xhibit Telemetry Receiver Vulnerability: Improper Input Validation 2. RISK EVALUATION A remote code execution vulnerability called BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by…
GE Ultrasound products
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local breakouts, which…
Honeywell INNCOM INNControl 3
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Honeywell Equipment: INNCOM INNControl 3 Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
Stay connected