1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to exfiltrate limited data…

Experts at Volexity discovered that a recently patched remote code execution flaw (CVE-2018-15961) affecting the Adobe ColdFusion has been exploited in the wild. Security experts from Volexity reported that attackers in the wild are exploiting a recently patched remote code execution vulnerability affecting the Adobe ColdFusion. The flaw, tracked as CVE-2018-15961,…

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact confidentiality, integrity, and availability of a component of…

Summary JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as “red teams”) and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server (JBoss…

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or…

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Roche Equipment: Point of Care handheld medical devices Vulnerabilities: Improper Authentication, OS Command Injection, Unrestricted Upload of File with Dangerous Type, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…

A security researcher has found a serious vulnerability in a building automation product from Sauter AG that could be exploited to steal files from an affected system. Sauter AG CASE Suit is a building automation product used worldwide that is affected by a high severity XML external entity (XXE)…

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that…

Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and…

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled “ICSA-17-299-02 Rockwell Automation Stratix 5100” that was published October…