ABB CP400 Panel Builder TextEditor 2.0
1. EXECUTIVE SUMMARY CVSS v7.0 Vendor: ABB Equipment: CP400 Panel Builder TextEditor 2.0 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, and cause a denial-of-service condition within the Text Editor application. 3. TECHNICAL DETAILS 3.1 AFFECTED…
Omron CX-Supervisor
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Code Injection, Command Injection, Use After Free, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition, and/or allow an attacker to achieve code execution…
LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Improper Input Validation, Out-of-Bounds Read, Code Injection, Untrusted Pointer Dereference, Out-of-Bounds Write, Relative Path Traversal, Injection, Use of Hard-Coded Credentials, Authentication…
36-Year-Old SCP Clients’ Implementation Flaws Discovered
A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol (SCP), also known as secure…
Computers at the City Hall of Del Rio were infected by ransomware
The City Hall of Del Rio, a city in and the county seat of Val Verde County, Texas, was hit by a ransomware attack, operations were suspended. Last week, the City Hall of Del Rio, a city in and the county seat of Val Verde County, Texas, was…
Schneider Electric Modicon M340 PLC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low-skill level to exploit Vendor: Schneider Electric Equipment: Modicon M340 PLC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-054-03 Schneider Electric Modicon M340 PLC that was published February 23, 2017, on…
Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low skill level Vendor: Tridium Equipment: Niagara Enterprise Security, Niagara AX, and Niagara 4 Vulnerability: Cross-site Scripting 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on November 29, 2018, and is being…
Omron CX-One CX-Protocol
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Protocol within CX-One Vulnerabilities: Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS CX-One…
Emerson DeltaV
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Schneider Electric U.motion Builder (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: U.motion Builder ——— Begin Update A Part 1 of 5 ——– Vulnerabilities: SQL Injection, Path Traversal, Improper Authentication, Use of Hard-Coded Password, Improper Access Control, Denial of Service,…
Stay connected