(I)IoT Security News

Wind River VxWorks SSH and Web Server and General Electric D20MX (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River, General Electric Equipment: VxWorks, D20MX ——— Begin Update A Part 1 of 4 ——— Vulnerabilities: Improper Input Validation ——— End Update A Part 1 of 4 ——— 2. UPDATE INFORMATION This updated advisory is a follow-up…

(I) IoT, 5 years ago 5 min read

News, Vulnerabilities

CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution

Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution….

(I) IoT, 5 years ago 2 min read

News, Vulnerabilities

Rockwell Automation Allen-Bradley PowerMonitor 1000

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to affect the confidentiality, integrity, and availability…

(I) IoT, 5 years ago 2 min read

News, Vulnerabilities

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read confidential information and remotely execute arbitrary code….

(I) IoT, 5 years ago 2 min read

News, Vulnerabilities

Delta Industrial Automation CNCSoft

1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Delta Electronics (Delta) Equipment: Delta Industrial Automation CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition that may allow information disclosure or crash the application. 3. TECHNICAL…

(I) IoT, 5 years ago 2 min read

News, Vulnerabilities

Intel Data Center Manager SDK

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Intel Equipment: Data Center Manager SDK Vulnerabilities: Improper Authentication, Protection Mechanism Failure, Permission Issues, Key Management Errors, Insufficient Control Flow Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow escalation of privilege,…

(I) IoT, 5 years ago 5 min read

News, Vulnerabilities

Pangea Communications Internet FAX ATA

1. EXECUTIVE SUMMARY 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Pangea Communications Equipment: Internet FAX Analog Telephone Adapter (ATA) Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the…

(I) IoT, 5 years ago 2 min read

News, Vulnerabilities

Fuji Electric FRENIC Devices (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: FRENIC Loader, FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace Vulnerabilities: Buffer Over-read, Out-of-bounds Read, Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is…

(I) IoT, 5 years ago 3 min read

News, Vulnerabilities

OSIsoft PI Vision

1. EXECUTIVE SUMMARY CVSS v4.8 ATTENTION: Low skill level to exploit Vendor: OSIsoft Equipment: PI Vision Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and modify the contents of the PI Vision web page and data related to the PI…

(I) IoT, 5 years ago 3 min read

News, Vulnerabilities

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays

. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Communication Module and SIPROTEC 5 Relays Vulnerability: Improper Input Validation 2. RISK EVALUATION The EN100 Ethernet communication module and SIPROTEC 5 relays are affected by a security vulnerability that could allow…

(I) IoT, 5 years ago 4 min read

Stay connected

Trending News

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Wind River VxWorks SSH and Web Server and General Electric D20MX (Update A)

CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution

Rockwell Automation Allen-Bradley PowerMonitor 1000

Horner Automation Cscape

Delta Industrial Automation CNCSoft

Intel Data Center Manager SDK

Pangea Communications Internet FAX ATA

Fuji Electric FRENIC Devices (Update A)

OSIsoft PI Vision

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays

Hot Topics

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Categories

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Latest

Popular

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool