1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level is needed to exploit/public exploits are available Vendor: Moxa Equipment: Moxa AWK-3131A Vulnerabilities: Improper Access Control, Use of Hard-coded Cryptographic Key, OS Command Injection, Use of Hard-coded Credentials, Classic Buffer Overflow, Out-of-bounds Read, Stack-based Buffer Overflow, Improper Access…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility Vulnerabilities: Cleartext Storage of Sensitive Information, Cleartext Transmission of Sensitive Information, Incorrectly Specified Destination in a Communication Channel 2. RISK EVALUATION Successful exploitation…

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: PT-7528 Series and PT-7828 Series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Weak Password Requirements, Information Exposure 2. RISK…

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: WIN-PAK Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of HTTP Headers for Scripting Syntax, Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities allows an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits known Vendor: Spacelabs Equipment: Xhibit Telemetry Receiver Vulnerability: Improper Input Validation 2. RISK EVALUATION A remote code execution vulnerability called BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by…

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Ultrasound Products Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION The affected GE Healthcare ultrasound devices utilize a method of software application implementation called “Kiosk Mode.” This Kiosk Mode is vulnerable to local breakouts, which…