Stay connected

Trending News

26 Jul 2021

Category: Vulnerabilities

News, Vulnerabilities

Omron CX-One CX-Protocol 

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Protocol within CX-One Vulnerabilities: Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CX-One…

News, Vulnerabilities

Emerson DeltaV 

Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…

News, Vulnerabilities

Schneider Electric U.motion Builder (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: U.motion Builder ——— Begin Update A Part 1 of 5 ——– Vulnerabilities: SQL Injection, Path Traversal, Improper Authentication, Use of Hard-Coded Password, Improper Access Control, Denial of Service,…

News, Vulnerabilities

Schneider Electric IIoT Monitor 

 EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IIoT Monitor Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to access files available to system users, arbitrarily…

News, Vulnerabilities

Schneider Electric Zelio Soft 2 

. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project file. 3. TECHNICAL DETAILS 3.1 AFFECTED…

News, Vulnerabilities

Schneider Electric Pro-face GP-Pro EX 

 EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program. 3….

News, Vulnerabilities

Yokogawa Vnet/IP Open Communication Driver 

1. EXECUTIVE SUMMARY CVSS v7.5 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Yokogawa Equipment: Vnet/IP Open Communication Driver Vulnerability: Resource Management Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable. 3. TECHNICAL DETAILS…

News, Vulnerabilities

Hetronic Nova-M 

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. 3. TECHNICAL…