1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Software Update (SESU) Vulnerability: DLL hijacking 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-305-02 Schneider Electric Software Update that was published November 1, 2018, on the…

1. EXECUTIVE SUMMARY CVSS v3 6.1 ——— Begin Update A Part 1 of 5 ——– ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available ——— End Update A Part 1 of 5 ——— Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ——— Begin Update A Part 1 of 6 ——— ATTENTION: Exploitable remotely/low skill level to exploit ——— End Update A Part 1 of 6 ——— Vendor: Vecna Technologies, Inc. (Vecna) Equipment: VGo Robot ——— Begin Update A Part 2 of 6 ———…

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges and obtain access to sensitive information. 3. TECHNICAL DETAILS 3.1…

Systemd is affected by a security vulnerability that can be exploited to crash a vulnerable Linux machine, and in the worst case to execute malicious code. An attacker can trigger the vulnerability using maliciously crafted DHCPv6 packets and modifying portions of memory of the vulnerable…

An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical…

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GEOVAP Equipment: Reliance 4 SCADA/HMI Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy to inject arbitrary Javascript in a specially crafted HTTP request…

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GEOVAP Equipment: Reliance 4 SCADA/HMI Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy to inject arbitrary Javascript in a specially crafted HTTP request…

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Telecrane Equipment: F25 Series Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. 3….

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: GAIN Electronic Co. Ltd Equipment: SAGA1-L series Vulnerabilities: Authentication Bypass by Capture-replay, Improper Access Control, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution and potentially…