Stay connected

Trending News

26 Jul 2021

Home

Siemens Mendix
ICS, News, Vulnerabilities

Siemens Mendix 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a non-administrative user to gain administrative privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects the following…

Mitsubishi Electric MELSEC iQ-R Series
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC iQ-R Series 

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-02 Mitsubishi Electric MELSEC iQ-R series (Update B) that was published November 5, 2020…

Schneider Electric C-Bus Toolkit
ICS, News, Vulnerabilities

Schneider Electric C-Bus Toolkit 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of C-Bus Toolkit are…

EIPStackGroup OpENer Ethernet/IP
ICS, News, Vulnerabilities

EIPStackGroup OpENer Ethernet/IP 

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: EIPStackGroup Equipment: OpENer EtherNet/IP Vulnerabilities: Incorrect Conversion Between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure. 3. TECHNICAL DETAILS…

Siemens Industrial Products SNMP Vulnerabilities
ICS, News, Vulnerabilities

Siemens Industrial Products SNMP Vulnerabilities (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities (Update C) that…

Uncategorized

Siemens SCALANCE X Switches (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-07 Siemens SCALANCE X Switches (Update A) that was published February 9,…

Siemens SCALANCE S-600
ICS, News, Vulnerabilities

Siemens SCALANCE S-600 (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-10 Siemens SCALANCE S-600 (Update A) that was published August 11, 2020 to…

Siemens SIMATIC Communication Processor Vulnerability
ICS, News, Vulnerabilities

Siemens SIMATIC Communication Processor Vulnerability (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03 Siemens SIMATIC Communication Processor (Update B) that was published May 3, 2016, to…

Schneider Electric SoMachine Basic
ICS, News, Vulnerabilities

Schneider Electric SoMachine Basic 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SoMachine Basic Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may result in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB)…

Advantech WebAccessSCADA
ICS, News, Vulnerabilities

Advantech WebAccessSCADA 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login as an ‘admin’ to fully control the system. 3. TECHNICAL DETAILS 3.1 AFFECTED…