Stay connected

Trending News

OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5
ICS, News, Vulnerabilities

OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5 

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Unified Automation GmbH Equipment: .NET applications Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read any file on the file system. 3….

Siemens SCALANCE W1750D
ICS, News, Vulnerabilities

Siemens SCALANCE W1750D 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Authentication, Classic Buffer Overflow, Command Injection, Improper Input Validation, Race Condition, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code as a…

Siemens SIMATIC S7-1500
ICS, News, Vulnerabilities

Siemens SIMATIC S7-1500 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518F-4 Vulnerabilities: Improper Initialization, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these Intel product vulnerabilities could allow unauthorized privilege escalation. 3. TECHNICAL DETAILS…

Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices
ICS, News, Vulnerabilities

Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. UPDATE INFORMATION This updated advisory is a follow-up to the original…

Siemens SIMARIS Configuration
ICS, News, Vulnerabilities

Siemens SIMARIS Configuration (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMARIS configuration Vulnerability: Incorrect Default Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-040-08 Siemens SIMARIS configuration that was published February 9, 2021, on the ICS webpage…

Mitsubishi Electric GOT and Tension Controller
ICS, News, Vulnerabilities

Mitsubishi Electric GOT and Tension Controller (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Corporation Equipment: GOT and Tension Controller Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller that was published…

Siemens Products using TightVNC
ICS, News, Vulnerabilities

Siemens Products using TightVNC 

1. EXECUTIVE SUMMARY This advisory was previously released with a set of Siemens products considered to be affected. Following further investigation by the Siemens’ team, it was determined all products previously advised are not affected by any vulnerability listed in this advisory or Siemens Security…

Open Design Alliance Drawings SDK
ICS, News, Vulnerabilities

Open Design Alliance Drawings SDK (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance Equipment: Drawings SDK ——— Begin Update A Part 1 of 3 ——— Vulnerabilities: Stack-based Buffer Overflow, Type Confusion, Untrusted Pointer Dereference, Incorrect Type Conversion or Cast, Memory Allocation with Excessive Size Value, Out of Bounds…

Advantech WISE-PaaS RMM
ICS, News, Vulnerabilities

Advantech WISE-PaaS RMM 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WISE-PaaS/RMM Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Advantech products are affected: WISE-PaaS/RMM…

Texas Instruments SimpleLink
ICS, News, Vulnerabilities

Texas Instruments SimpleLink 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Texas Instruments Equipment: SimpleLink Wi-Fi, MSP432, CC13XX, CC26XX, CC32XX, CC3100 Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in memory corruption, allowing remote code execution and causing…