Vulnerability Archives - (I)IoT Security News

Critical vulnerabiliities, ICS, Vulnerabilities

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Executive SummaryCVSS v3 5.4ALERT: Vulnerable to exploitation with adjacent access/low attack complexityManufacturer: Zebra TechnologiesDevices: ZTC Industrial ZT410, ZTC Desktop GK420dIssue: Potential Authentication Bypass via Alternate Path or Channel Risk AssessmentSuccessful exploitation of this vulnerability could permit an unauthorized individual to manipulate credentials by sending specifically…

IoT, 5 months ago 2 min read

Critical vulnerabiliities

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-28810 Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability CVE-2022-33891 Apache Spark Command Injection Vulnerability CVE-2022-35914 Teclib GLPI Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for…

IoT, 1 year ago 3 min read

Critical vulnerabiliities, Market, News, Recommendations, Vulnerabilities

Hitachi Energy AFF660/665 Series

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF660/665 Firewall Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could overflow a buffer on the device and fully compromise it. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

IoT, 2 years ago 2 min read

Critical vulnerabiliities, News, Recommendations, Vulnerabilities

Digi ConnectPort X2D

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: ConnectPort X2D Gateway Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious actions resulting in code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED…

IoT, 2 years ago 2 min read

Critical vulnerabiliities, Cyber Security, ICS, IoT Security, News, Recommendations, Vulnerabilities...

Hitachi Energy MicroSCADA Pro/X SYS600

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Exposure of Sensitive Information to an Unauthorized Actor…

(I)IoT, 2 years ago 6 min read

Stay connected

Trending News

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Hitachi Energy AFF660/665 Series

Digi ConnectPort X2D

Hitachi Energy MicroSCADA Pro/X SYS600

Hot Topics

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Trending Slider

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

AC500 V3Multiple DoS vulnerabilities – 2024-01-10

Distributed Energy Resources Cybersecurity Outlook:Vulnerabilities, Attacks, Impacts, and Mitigations

Latest

Popular

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

Schneider Electric Security Notification Trio™ Licensed and License-free Data RadiosSchneider Electric Security Notification

Schneider Electric Security Notification Easergy Studio Vulnerability

B&R Automation RuntimeFTP uses unsecure encryption mechanismsCVE ID: CVE-2024-0323/2024-02-05

Advantech WebAccess Node

Fazecast jSerialComm

Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit0

JexBoss – JBoss Verify and EXploitation Tool

Categories