Stay connected

Trending News

Abusing COM & DCOM objects
News, White Papers

Abusing COM & DCOM objects 

IntroductionNowadays organization’s security members became familiar with most of popular lateral movements techniques, which makes red teaming more difficult, therefor applying the latest techniques of initial access and lateral movements is a crucial for a successful attack, in this paper we will cover some aspects…

Mitsubishi Electric Multiple Products
ICS, News, Vulnerabilities

Mitsubishi Electric Multiple Products 

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Multiple Products Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could be used to hijack TCP sessions and allow remote command execution. 3. TECHNICAL DETAILS…

OpenClinic GA (Update A)
ICS, News, Vulnerabilities

OpenClinic GA (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: OpenClinic GA is a product of open-source collaboration on Source Forge Equipment: OpenClinic GA Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing…

Red Lion N-Tron 702-W, 702M12-W
ICS, News, Vulnerabilities

Red Lion N-Tron 702-W, 702M12-W 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Equipment: N-Tron 702-W / 702M12-W Vulnerabilities: Reflected Cross-site Scripting, Stored Cross-site Scripting, Cross-site Request Forgery, Hidden Functionality, Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…

Treck TCP/IP Stack
ICS, News, Vulnerabilities

Treck TCP/IP Stack 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control CISA is aware of a public report, known as “Ripple20” that…

Yokogawa CENTUM
ICS, News, Vulnerabilities

Yokogawa CENTUM 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: CENTUM Vulnerabilities: Improper Authentication, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands….

Tridium Niagara
ICS, News, Vulnerabilities

Tridium Niagara 

1. EXECUTIVE SUMMARY CVSS v3 4,3 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Tridium Equipment: Niagara Vulnerability: Synchronous Access of Remote Resource without Timeout 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

Siemens SCALANCE, RUGGEDCOM
ICS, News, Vulnerabilities

Siemens SCALANCE, RUGGEDCOM 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, RUGGEDCOM Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthenticated access to a device and cause a buffer overflow to execute custom…

Siemens SIMATIC, SIMOTICS
ICS, News, Vulnerabilities

Siemens SIMATIC, SIMOTICS 

1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SIMOTICS Vulnerability: TOCTOU Race Condition  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state…

Siemens Desigo CC
News, Vulnerabilities

Siemens Desigo CC 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo CC Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with SYSTEM privileges. 3. TECHNICAL DETAILS 3.1…