IoT Insecurity: Top Connected Device Security Concerns

It’s a coin toss whether or not that Internet of Things device you depend on is secure. Those unacceptable 50/50 odds come from a survey by IOActive where technology professionals were asked about the security of connected devices from thermostats, security cameras to alarm systems. Those numbers...

The plant controller has a remote vulnerability and no patch-vulnerability warning-the black bar safety net

Power station use of an industrial control system has not patched the vulnerability, an attacker can remotely exploit it to gain network control. Remedy method? Turning off the function or replace the equipment. Power station use of an industrial control system has not patched the vulnerability, ...

CVE-2016-4501

CVE-2016-4501 affects ESC 8832 Data Controller (v3.02 and earlier). Root cause: improper session handling enables authentication bypass, allowing remote attackers to perform arbitrary configuration changes. Public exploitation is evidenced by a Metasploit module; advisories (ICS-CERT ICSA-16-147-...

CVE-2016-4502

The CVE-2016-4502 entry affects Environmental Systems Corporation (ESC) 8832 Data Controller versions 3.02 and earlier. The vulnerability allows remote attackers to bypass authentication and perform unauthorized administrative operations by abusing a modified parameter, enabling privilege escalat...

CVE-2016-4502

Environmental Systems Corporation ESC 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter...

Environmental Systems Corporation Data Controllers Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...