1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: RUGGEDCOM ROX II Vulnerabilities: Double Free, Out-of-bounds Read, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution and/or a denial-of-service condition. 3. TECHNICAL DETAILS 3.1…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP, SIAMTIC, SIMOCODE, SINAMICS, SITOP, and TIM Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition leading to a restart of the webserver. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: WIBU-SYSTEMS AG Equipment: WibuKey Digital Rights Management (DRM) Vulnerabilities: Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-043-03 Siemens Licensing…

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Programmer within CX-One Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

1. EXECUTIVE SUMMARY ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Stratix 5400/5410/5700, ArmorStratix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a memory leak on an affected device, which may cause the…

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Stratix 5400/5410/5700/8000/8300, ArmorStratix 5700 Vulnerabilities: Resource Management Errors, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition or time synchronization issues across the network…

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Stratix 5950 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause an affected device to reload. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

The privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems An important privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users…