1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition that could result in a loss of availability of the affected device. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S Vulnerability: Cross-site Scripting 2. RISK EVALUATION If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following…

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels and SIMATIC WinCC (TIA Portal) Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform a HTTP…

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: S7-400 CPUs Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed which may require a manual reboot or firmware re-image to bring the system…

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to exfiltrate limited data…

Experts at Volexity discovered that a recently patched remote code execution flaw (CVE-2018-15961) affecting the Adobe ColdFusion has been exploited in the wild. Security experts from Volexity reported that attackers in the wild are exploiting a recently patched remote code execution vulnerability affecting the Adobe ColdFusion. The flaw, tracked as CVE-2018-15961,…

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact confidentiality, integrity, and availability of a component of…

Summary JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as “red teams”) and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server (JBoss…

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or…

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Roche Equipment: Point of Care handheld medical devices Vulnerabilities: Improper Authentication, OS Command Injection, Unrestricted Upload of File with Dangerous Type, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…