1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Yokogawa Equipment: Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute malicious files. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, Zebos by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Tridium Equipment: Niagara Vulnerabilities: Information Exposure, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local user to escalate their privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Tridium products are…

  1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: Arena Simulation Software ——— Begin Update B Part 1 of 2 ——— Vulnerabilities: Use After Free, Information Exposure, Type Confusion, Insufficient UI Warning of Dangerous Operations, Access of Uninitialized Pointer ——— End…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd (WECON) Equipment: LeviStudioU Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Memory Corruption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-036-03 WECON LeviStudioU that was published February…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files…

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Information Exposure, Cross-Site Request Forgery, Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker unauthorized…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: Performance IP Cameras and Performance NVRs Vulnerability: Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to view device configuration information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Philips Equipment: IntelliVue M3002A X2 MMS Transport Monitor/Module and IntelliVue MP monitors (MP2/X2, MP5, MP20-MP90, MX600, MX700 and MX800) Vulnerabilities: Use of Hard-coded Password, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these vulnerabilities may cause corruption…