Lucene search
K

25 matches found

Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.4 views

OpenSCAP Libraries 1.4.4

The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/03/20 11:19 p.m.29 views

CVE-2026-24060 Automated Logic WebCTRL Premium Server Cleartext Transmission of Sensitive Information

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

9.1CVSS0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 11:17 p.m.29 views

CVE-2026-32666 Automated Logic WebCTRL Premium Server Authentication Bypass by Spoofing

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5CVSS0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.14 views

PT-2026-26701

Name of the Vulnerable Software and Affected Versions WebCTRL affected versions not specified Description WebCTRL systems utilizing BACnet communication are susceptible to an issue stemming from the protocol's inherent lack of network layer authentication. The software does not perform additional...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/02 10:31 p.m.7 views

CVE-2025-0658

A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet can leave it permanently unresponsive until a manual power cycle is performed...

8.7CVSS6.8AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2025/11/27 1:15 a.m.6 views

CVE-2025-0657

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...

8.8CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2025/11/27 1:0 a.m.26 views

CVE-2025-0658

The CVE-2025-0658 entry concerns Automated Logic and Carrier’s Zone Controller devices exposed to BACnet protocol. The vulnerability leads to a crash and a fault state; after a reset, a second BACnet packet can render the device permanently unresponsive until a manual power cycle. Documents consi...

8.7CVSS6.4AI score0.00291EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/11/24 12:0 a.m.6 views

OpenSCAP Libraries 1.4.3

The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.5 views

Siemens APOGEE PXC and TALON TC Series Expected Behavior Violation (CVE-2025-40555)

Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.4 views

PT-2023-31891 · Unknown · Bacnet Stack

Name of the Vulnerable Software and Affected Versions: BACnet Stack versions prior to 1.3.2 Description: The issue is related to a decode function APDU buffer over-read in the bacapp decode application data function in bacapp.c. This over-read occurs in versions of the BACnet Stack before 1.3.2...

9.1CVSS7.4AI score0.01053EPSS
Exploits0References8
OSV
OSV
added 2023/07/17 9:15 p.m.4 views

CVE-2023-38405

On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash...

7.5CVSS5.8AI score0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/14 12:0 a.m.5 views

PT-2023-8301 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...

7.2CVSS7.4AI score0.01126EPSS
Exploits0References6
Rockylinux
Rockylinux
added 2023/02/28 10:16 a.m.33 views

openscap bug fix and enhancement update

An update is available for openscap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSCAP suite enables integration of the Security Content Automation...

1.8AI score
Exploits0
Rockylinux
Rockylinux
added 2023/02/22 1:8 a.m.23 views

openscap bug fix and enhancement update

An update is available for openscap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSCAP suite enables integration of the Security Content Automation...

1.8AI score
Exploits0
Rockylinux
Rockylinux
added 2023/02/22 1:8 a.m.14 views

scap-security-guide bug fix and enhancement update

An update is available for scap-security-guide. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The scap-security-guide project provides a guide for configuratio...

0.4AI score
Exploits0
AlmaLinux
AlmaLinux
added 2021/11/02 10:34 a.m.16 views

openscap bug fix and enhancement update

The OpenSCAP suite enables integration of the Security Content Automation Protocol SCAP line of standards. The openscap packages provide the OpenSCAP library and the oscap utility that provides various SCAP capabilities. Bug Fixes and Enhancements: Error when scanning DISA-STIG OpenSCAP profile o...

7.1AI score
Exploits0
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/08/26 12:43 p.m.43 views

Common Vulnerabilities and Exposures Explained

What is a Vulnerability? A weakness can be characterized as a shortcoming that can be misused by a digital assailant to get through your security and gain unauthorized admittance to classified documents. Defects will ensure that aggressors run programs, acquire section admittance to your document...

0.2AI score
Exploits0
CNVD
CNVD
added 2019/12/21 12:0 a.m.3 views

Beckhoff TwinCAT Elevation of Privilege Vulnerability

Beckhoff TwinCAT is a suite of programming software for Programmable Logic Controllers PLCs from Beckhoff in Germany. A security vulnerability exists in Beckhoff TwinCAT version 2/3. The vulnerability can be exploited to execute code with SYSTEM privileges using the Beckhoff ADS protocol...

9.8CVSS7.3AI score0.05302EPSS
Exploits1References1
Information Security Automation
Information Security Automation
added 2018/09/01 6:12 p.m.434 views

Assessing Linux Security Configurations with SCAP Workbench

Recently I had a chance to work with OpenSCAP. It's a set of free and open-source tools for Linux Configuration Assessment and a collection security content in SCAP Security Content Automation Protocol format. In this post I will write about SCAP Workbench. It is a GUI application that can check...

Exploits0
OSV
OSV
added 2018/06/27 7:29 p.m.4 views

CVE-2017-16718

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption...

5.9CVSS5.8AI score0.00423EPSS
Exploits0References1
Rows per page
Query Builder