Trending News

News, Vulnerabilities

Schneider Electric Software Update (SESU) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Software Update (SESU) Vulnerability: DLL hijacking 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-305-02 Schneider Electric Software Update that was published November 1, 2018, on the…

News, Vulnerabilities

Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting Vulnerability (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 6.1 ——— Begin Update A Part 1 of 5 ——— ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available ——— End Update A Part 1 of 5 ——— Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory…

News, Vulnerabilities

Vecna VGo Robot (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ——— Begin Update A Part 1 of 6 ——— ATTENTION: Exploitable remotely/low skill level to exploit ——— End Update A Part 1 of 6 ——— Vendor: Vecna Technologies, Inc. (Vecna) Equipment: VGo Robot ——— Begin Update A Part 2 of 6 ———…

News, Vulnerabilities

PEPPERL+FUCHS CT50-Ex 

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges and obtain access to sensitive information. 3. TECHNICAL DETAILS 3.1…

News, Vulnerabilities

Improper Access Control 

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GEOVAP Equipment: Reliance 4 SCADA/HMI Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy to inject arbitrary JavaScript in a specially crafted HTTP request…

News, Vulnerabilities

GEOVAP Reliance 4 SCADA/HMI 

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GEOVAP Equipment: Reliance 4 SCADA/HMI Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy to inject arbitrary JavaScript in a specially crafted HTTP request…

News, Vulnerabilities

Telecrane F25 Series 

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Telecrane Equipment: F25 Series Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. 3….