Stay connected

Trending News

Mitsubishi Electric MELSEC iQ-R Series
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC iQ-R Series 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition due to uncontrolled resource consumption. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

MB Connect line mbCONNECT24, mymbCONNECT24
ICS, News, Vulnerabilities

MB Connect line mbCONNECT24, mymbCONNECT24 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: MB connect line Equipment: mymbCONNECT24, mbCONNECT24 Vulnerabilities: SQL Injection, Cross-site Request Forgery, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorized access to arbitrary information or…

Yokogawa WideField3
ICS, News, Vulnerabilities

Yokogawa WideField3 

1. EXECUTIVE SUMMARY CVSS v3 2.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: Main equipment Vulnerability: Buffer Copy Without Checking Size of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could terminate the program abnormally. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Yokogawa reports that the…

B&R Automation SiteManager and GateManager
ICS, News, Vulnerabilities

B&R Automation SiteManager and GateManager 

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: SiteManager and GateManager Vulnerabilities: Path Traversal, Uncontrolled Resource Consumption, Information Exposure, Improper Authentication, Information Disclosure   2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for arbitrary information disclosure,…

3S CoDeSys
ICS, News, Vulnerabilities

3S CoDeSys (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: 3S-Smart Software Solutions Equipment: CoDeSys Vulnerabilities: Improper Access Control, Relative Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-13-011-01 3S CoDeSys that was published…

Philips Clinical Collaboration Platform
ICS, News, Vulnerabilities

Philips Clinical Collaboration Platform 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Clinical Collaboration Platform Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade, Configuration 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…

Advantech WebAccess Node
ICS, News, Vulnerabilities

Advantech WebAccess Node 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

Wibu-Systems CodeMeter
ICS, News, Vulnerabilities

Wibu-Systems CodeMeter (Update C) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wibu-Systems AG Equipment: CodeMeter Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release 2. UPDATE INFORMATION This updated…

ENTTEC Lighting Controllers
ICS, News, Vulnerabilities

ENTTEC Lighting Controllers (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, Incorrect Permission Assignment for Critical Resource 2. UPDATE INFORMATION This updated advisory…

Philips Patient Monitoring Devices
ICS, News, Vulnerabilities

Philips Patient Monitoring Devices 

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3 Vulnerabilities: Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication,…