Vulnerabilities Archives - Page 98 of 106

Fuji Electric Energy Savings Estimator

1. EXECUTIVE SUMMARY CVSS v3 7.3 Vendor: Fuji Electric Equipment: Fuji Electric Energy Savings Estimator Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with the same privileges…

(I) IoT, 6 years ago 2 min read

Hacks, News, Vulnerabilities

CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East

A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks…

(I) IoT, 6 years ago 2 min read

News, Vulnerabilities

Siemens OpenSSL Vulnerability in Industrial Products

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Products Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-226-02 Siemens OpenSSL Vulnerability in Industrial Products (Update A) that was…

(I) IoT, 6 years ago 5 min read

News, Vulnerabilities

Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable locally/low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) Vulnerabilities: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-226-01 Siemens SIMATIC STEP 7…

(I) IoT, 6 years ago 4 min read

News, Vulnerabilities

Siemens Medium Voltage SINAMICS Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Medium Voltage SINAMICS Products Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-128-01 Siemens Medium Voltage SINAMICS Products that…

(I) IoT, 6 years ago 4 min read

News, Vulnerabilities

Siemens SIMATIC WinCC OA Operator IOS App (Update A)

1. EXECUTIVE SUMMARY CVSS v3 4.0 Vendor: Siemens Equipment: SIMATIC WinCC OA iOS App Vulnerability: File and Directory Information Exposure. 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-109-01 Siemens SIMATIC WinCC OA Operator iOS App that was published…

(I) IoT, 6 years ago 3 min read

News, Vulnerabilities

Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

(I) IoT, 6 years ago 5 min read

News, Vulnerabilities

Siemens Industrial Products (Update H)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update G) published September 11,…

(I) IoT, 6 years ago 6 min read

News, Vulnerabilities

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC, SINUMERIK, and PROFINET IO Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-079-02 Siemens SIMATIC, SINUMERIK, and PROFINET IO that was published March…

(I) IoT, 6 years ago 4 min read

News, Vulnerabilities

New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access

A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery…

(I) IoT, 6 years ago 3 min read

Stay connected

Trending News

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Fuji Electric Energy Savings Estimator

CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East

Siemens OpenSSL Vulnerability in Industrial Products

Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A)

Siemens Medium Voltage SINAMICS Products (Update A)

Siemens SIMATIC WinCC OA Operator IOS App (Update A)

Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update C)

Siemens Industrial Products (Update H)

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update A)

New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access

Hot Topics

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Categories

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Latest

Popular

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool