Vulnerabilities Archives - Page 9 of 110

Critical vulnerabiliities, Market, News, Recommendations, Vulnerabilities

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient…

IoT, 2 years ago 2 min read

Critical vulnerabiliities, Vulnerabilities

Cisco Releases Security Updates for Identity Services Engine

Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco…

IoT, 2 years ago 4 min read

Cyber Security, Market, News, Recommendations, Remediation, Security Patches, Vulnerabilities...

Apple Releases Security Update for Xcode

Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. About Apple security updates For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an…

IoT, 2 years ago 1 min read

Cyber Security, Market, News, Uncategorized, Vulnerabilities

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. RedEye is an open-source analytic tool developed by CISA…

IoT, 2 years ago 3 min read

Critical vulnerabiliities, Cyber Security, News, Recommendations, Security Patches, Vulnerabilities

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. Reporting or Obtaining Support for a Suspected Security…

IoT, 2 years ago 19 min read

Critical vulnerabiliities, Market, News, Recommendations, Vulnerabilities

Hitachi Energy AFF660/665 Series

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF660/665 Firewall Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could overflow a buffer on the device and fully compromise it. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

IoT, 2 years ago 2 min read

Critical vulnerabiliities, Market, News, Recommendations, Uncategorized, Vulnerabilities

Delta Industrial Automation DIAEnergie

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Delta Industrial Automation Equipment: DIAEnergie Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Industrial Automation reports the following versions…

IoT, 2 years ago 2 min read

News, Recommendations, Standards, Uncategorized, Vulnerabilities

AVEVA Edge 2020 R2 SP1 and all prior versions

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge 2020 R2 SP1 and all prior versions Vulnerabilities: Insufficient UI Warning of Dangerous Operations, Uncontrolled Search Path Element, Deserialization of Untrusted Data, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation…

IoT, 3 years ago 4 min read

Critical vulnerabiliities, News, Recommendations, Vulnerabilities

Delta Electronics DOPSoft 2 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft 2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Write, Heap-based Buffer Overflow 2. UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-252-02 Delta Electronics DOPSoft 2 that was published September 9,…

IoT, 3 years ago 3 min read

Critical vulnerabiliities, News, Recommendations, Vulnerabilities

Mitsubishi Electric Multiple Factory Automation Products (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

IoT, 3 years ago 3 min read

Stay connected

Trending News

Cisco Application Policy Infrastructure Controller Vulnerabilities

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

Siemens SIPROTEC 5 Devices

Siemens SIMATIC S7-1200 CPU Family

Rockwell Automation 1756-L8zS3 and 1756-L3zS3

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Cisco Releases Security Updates for Identity Services Engine

Apple Releases Security Update for Xcode

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Cisco Releases Security Updates for Multiple Products

Hitachi Energy AFF660/665 Series

Delta Industrial Automation DIAEnergie

AVEVA Edge 2020 R2 SP1 and all prior versions

Delta Electronics DOPSoft 2 (Update A)

Mitsubishi Electric Multiple Factory Automation Products (Update B)

Hot Topics

Cisco Application Policy Infrastructure Controller Vulnerabilities

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

Siemens SIPROTEC 5 Devices

Siemens SIMATIC S7-1200 CPU Family

Rockwell Automation 1756-L8zS3 and 1756-L3zS3

Categories

Cisco Application Policy Infrastructure Controller Vulnerabilities

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

Siemens SIPROTEC 5 Devices

Siemens SIMATIC S7-1200 CPU Family

Rockwell Automation 1756-L8zS3 and 1756-L3zS3

Latest

Popular

Cisco Application Policy Infrastructure Controller Vulnerabilities

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

Siemens SIPROTEC 5 Devices

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool