Stay connected

Trending News

26 Jul 2021

Home

Open Design Alliance Drawings SDK
ICS, News, Vulnerabilities

Open Design Alliance Drawings SDK (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance Equipment: Drawings SDK ——— Begin Update A Part 1 of 3 ——— Vulnerabilities: Stack-based Buffer Overflow, Type Confusion, Untrusted Pointer Dereference, Incorrect Type Conversion or Cast, Memory Allocation with Excessive Size Value, Out of Bounds…

Advantech WISE-PaaS RMM
ICS, News, Vulnerabilities

Advantech WISE-PaaS RMM 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WISE-PaaS/RMM Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Advantech products are affected: WISE-PaaS/RMM…

Texas Instruments SimpleLink
ICS, News, Vulnerabilities

Texas Instruments SimpleLink 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Texas Instruments Equipment: SimpleLink Wi-Fi, MSP432, CC13XX, CC26XX, CC32XX, CC3100 Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in memory corruption, allowing remote code execution and causing…

Cassia Networks Access Controller
ICS, News, Vulnerabilities

Cassia Networks Access Controller 

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Cassia Networks Equipment: Access Controller Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read any file from the Access Controller server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

Multiple RTOS
ICS, News, Vulnerabilities

Multiple RTOS (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendors: Multiple Equipment: Multiple Vulnerabilities: Integer Overflow or Wraparound CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. CISA is issuing this advisory to…

Horner Automation Cscape
ICS, News, Vulnerabilities

Horner Automation Cscape 

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Improper Input Validation, Improper Access Controls 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow code execution in the context of the current process or locally escalate privileges. 3. TECHNICAL DETAILS 3.1…

Mitsubishi Electric GOT
ICS, News, Vulnerabilities

Mitsubishi Electric GOT 

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the vulnerability affects the VNC function of…

Delta Electronics CNCSoft-B
ICS, News, Vulnerabilities

Delta Electronics CNCSoft-B 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity  Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CNCSoft-B, a software management platform,…

Eaton Intelligent Power Manager
ICS, News, Vulnerabilities

Eaton Intelligent Power Manager 

1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager (IPM) Vulnerabilities: SQL Injection, Eval Injection, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to change certain…