Siemens SIMATIC WinCC and PCS7
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on the affected service or device. 3….
PHP Laravel Framework Token Unserialize Remote Command Execution
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not…
Schneider Electric Interactive Graphical SCADA System
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor:Schneider Electric Equipment:Interactive Graphical SCADA System (IGSS) Vulnerability:Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution or crash the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Schneider Electric Floating License Manager
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Floating License Manager Vulnerabilities: Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product….
Delta Industrial Automation CNCSoft ScreenEditor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft ScreenEditor Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the…
Philips Holter 2010 Plus
1. EXECUTIVE SUMMARY CVSS v3 1.9 Vendor: Philips Equipment: Philips Holter 2010 Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability under certain conditions can lead to a product feature escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…
Schneider Electric Zelio Soft 2
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution through the opening of a specially crafted project file. 3. TECHNICAL DETAILS…
Siemens Spectrum Power
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power Vulnerability: Cross-site Scripting 3. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject arbitrary code in a specially crafted HTTP request and monitor information. 4. TECHNICAL DETAILS…
Siemens SIPROTEC 5 and DIGSI 5
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGISI 5 Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions. 3….
ICS Advisory (ICSA-19-190-02)
Rockwell Automation PanelView 5510 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: PanelView 5510 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED…
Stay connected