ABB CP651 HMI
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP651 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system…
ABB PB610 Panel Builder 600
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: PB610 Panel Builder 600 Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Relative Path Traversal, Improper Input Validation, Stack-based Buffer Overflow 2. RISK EVALUATION An attacker who successfully exploits these vulnerabilities could prevent legitimate access…
ABB CP635 HMI
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP635 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system node, remotely cause an…
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps
1. EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: MiniMed 508 and Paradigm Series Insulin Pumps Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with adjacent access to one of the affected products to intercept, modify, or interfere with the…
SICK MSC800
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SICK Equipment: MSC800 Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-skilled remote attacker to reconfigure settings and/or disrupt the functionality of the device. 3. TECHNICAL DETAILS…
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow information disclosure, deletion of files, and…
The “Return of the WiZard” Vulnerability: Crooks Start Hitting
Introduction Figure 1: Exposed EXIM server in Italy (Reference: ZoomEye) In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email…
NASA hacked because of unauthorized Raspberry Pi connected to its network
NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups. A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency’s network and stole approximately 500 MB of…
PHOENIX CONTACT Automation Worx Software Suite
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Access of Uninitialized Pointer, Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker, with access to an original PC…
A Debugging Primer With CVE-2019-0708
The purpose of this post is to share how one would use a debugger to identify the relevant code path that can trigger the crash. I hope this post will be educational to people that are excited to learning how to use debugger for vulnerability…
Stay connected