Stay connected

Trending News

Advantech BB-ESWGP506-2SFP-T
ICS, News, Vulnerabilities

Advantech BB-ESWGP506-2SFP-T 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: BB-ESWGP506-2SFP-T Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1…

Advantech Spectre RT Industrial Routers
ICS, News, Vulnerabilities

Advantech Spectre RT Industrial Routers 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: Spectre RT Industrial Routers Vulnerabilities: Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper Restriction of Excessive Authentication Attempts, Use of a Broken or Risky Cryptographic Algorithm, Use…

Multiple Embedded TCP/IP Stacks
ICS, News, Vulnerabilities

Multiple Embedded TCP/IP Stacks (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Multiple Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart Vulnerabilities: Use of Insufficiently Random Values CISA is aware of a public report, known as “NUMBER:JACK” that…

Mitsubishi Electric MELSEC iQ-R Series
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC iQ-R Series (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-282-02 Mitsubishi Electric MELSEC iQ-R Series (Update A) that was published…

Open Design Alliance Drawings SDK
ICS, News, Vulnerabilities

Open Design Alliance Drawings SDK 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Open Design Alliance Equipment: Drawings SDK Vulnerabilities: Stack-based Buffer Overflow, Type Confusion, Untrusted Pointer Dereference, Incorrect Type Conversion or Cast, Memory Allocation with Excessive Size Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow…

Rockwell Automation Allen-Bradley Micrologix 1100
ICS, News, Vulnerabilities

Rockwell Automation Allen-Bradley Micrologix 1100 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in denial-of-service conditions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports…

GE Digital HMI/SCADA iFIX
ICS, News, Vulnerabilities

GE Digital HMI/SCADA iFIX 

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: GE Digital Equipment: HMI/SCADA iFIX Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

Siemens SINEMA Server & SINEC NMS
ICS, News, Vulnerabilities

Siemens SINEMA Server & SINEC NMS 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens  Equipment: SINEMA Server, SINEC NMS Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution on an affected system.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

Siemens RUGGEDCOM ROX II
ICS, News, Vulnerabilities

Siemens RUGGEDCOM ROX II 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: RUGGEDCOM ROX IIB Vulnerabilities: Improper Input Validation, NULL Pointer Dereference, Out-of-Bounds Write, Insufficient Verification of Data Authenticity, Improper Certificate Validation, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the…