ZOLL Defibrillator Dashboard
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: ZOLL Equipment: Defibrillator Dashboard Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site Scripting, Storing Passwords in a Recoverable Format, Improper Privilege Management 2. RISK EVALUATION Successful…
Rockwell Automation FactoryTalk Services Platform
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote, authenticated users to bypass FactoryTalk Security policies that are based on a computer name. 3. TECHNICAL DETAILS 3.1…
AGG Software Web Server Plugin
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: AGG Software Equipment: Web Server Vulnerabilities: Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution and exposure of arbitrary system files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
Hillrom Medical Device Management
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn medical device management tools Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED…
Siemens SIMATIC S7-1200 and S7-1500 CPU Families
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU Families Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer\ 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write arbitrary data and code to…
Siemens JT2Go and Teamcenter Visualization (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is…
Mitsubishi Electric Factory Automation Engineering Products (Update C)
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update B)…
Mitsubishi Electric MELFA (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-021-04 Mitsubishi Electric MELFA that was published January…
Johnson Controls Sensormatic Tyco AI
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Tyco AI Vulnerability: Off-by-one Error 2. RISK EVALUATION Under specific circumstances, a local attacker could use this vulnerability to obtain super-user access to the underlying openSUSE Linux operating system. 3. TECHNICAL DETAILS…
Stay connected