Siemens Industrial Products
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerabilities affect…
Siemens IE-WSN-PA Link WirelessHART Gateway
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IE/WSN-PA Link WirelessHART Gateway Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure, code execution, or denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS All versions of IE/WSN-PA Link WirelessHART Gateway are…
Siemens SIMATIC TDC CP51M1
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC TDC CP51M1 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition within UDP communication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…
OSIsoft PI SQL Client
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: OSIsoft LLC Equipment: OSIsoft PI SQL Client Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution or cause a denial of service, resulting in disclosure, deletion, or modification of information….
Siemens SIMATIC WinCC and PCS7 (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7…
Siemens SIMATIC PCS7, WinCC, TIA Portal (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-134-08 Siemens SIMATIC…
BD Pyxis
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Session Fixation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the Active Directory (AD) credentials of a previously authenticated user to gain access to the…
EZAutomation EZ Touch Editor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: EZAutomation Equipment: EZ Touch Editor Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
NetCAT attack allows hackers to steal sensitive data from Intel CPUs
Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows to sniff sensitive data over the network. Researchers from VUSec group at Vrije Universiteit Amsterdam have discovered a new vulnerability that can be exploited by a remote attacker to sniff sensitive details by…
Red Lion Controls Crimson
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Controls Equipment: Crimson (Windows configuration software) Vulnerabilities: Use After Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Pointer Issues, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of…
Stay connected