Category: Vulnerabilities

News, Vulnerabilities

Philips e-Alert Unit 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/exploitable from within the same local subnet Vendor: Philips Equipment: Philips e-Alert Unit (non-medical device) Vulnerabilities: Improper Input Validation, Cross-site Scripting, Information Exposure, Incorrect Default Permissions, Cleartext Transmission of Sensitive Information, Cross-site Request Forgery, Session Fixation, Resource…

News, Vulnerabilities

Martem TELEM-GW6/GWM (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Martem Equipment: TELEM-GW6/GWM ——— Begin Update B Part 1 of 5 ——– Vulnerabilities: Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion, Cross-Site Scripting ——— End Update B Part 1…

News, Vulnerabilities

ABB eSOMS 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability requires an attacker to discover a valid user account, which could be used to gain access to the application without authentication….

News, Vulnerabilities

Schneider Electric PowerLogic PM5560 

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PowerLogic PM5560 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow user input to be manipulated, allowing for remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

News, Vulnerabilities

Schneider Electric Modicon M221 

1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely reboot the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

News, Vulnerabilities

Qualcomm Life Capsule 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Qualcomm Life Equipment: Capsule Datacaptor Terminal Server (DTS) Vulnerability: Code Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute unauthorized code to obtain administrator-level privileges on the…

News, Vulnerabilities

Philips cardiovascular software found to contain privilege escalation, code execution bugs 

Multiple versions of cardiovascular imaging and information management software from Philips have been found to contain vulnerabilities that could lead to escalated privileges and arbitrary code execution. The first vulnerability, CVE-2018-14787, is a high-severity flaw (CVSS score of 7.3) found in versions 2.x or prior of Philips’ IntelliSpace…