Stay connected

Trending News

News, Vulnerabilities

Siemens SCALANCE X Switches 

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCALANCE X switches…

News, Vulnerabilities

Siemens SIMATIC WinCC and PCS7 (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory titled ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 that…

News, Vulnerabilities

Siemens Spectrum Power (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-04 Siemens Spectrum Power that was published July 9, 2019, on the ICS webpage…

News, Vulnerabilities

Siemens SIPROTEC 5 and DIGSI 5 (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2    UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 that was published July…

News, Vulnerabilities

Siemens SIMATIC PCS7, WinCC, TIA Portal (Update B) 

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-134-08 Siemens SIMATIC…

News, Vulnerabilities

Wind River VxWorks (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River Equipment: VxWorks Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection…

News, Vulnerabilities

Advantech WebAccess HMI Designer 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Advantech Equipment: Advantech WebAccess HMI Designer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

News, White Papers

Technical Analysis Of BlueKeep 

Introduction: The following text outlines a potential path for exploitation of CVE-2019-0708 (BlueKeep). It is certain that some people will disagree with releasing this text. Reasons why I am releasing: ■ It is released in the spirit of open knowledge. ■ It is an attempt…

News, Vulnerabilities

3S-Smart Software Solutions GmbH CODESYS V3 

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 Vulnerabilities: Unverified Ownership, Uncontrolled Memory Allocation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to close existing communication channels…

News, Vulnerabilities

3S-Smart Software Solutions GmbH CODESYS V3 

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for an attacker with access to PLC traffic to obtain user credentials. 3. TECHNICAL DETAILS…