Lucene search
K

205 matches found

CVE
CVE
added 2016/10/05 10:0 a.m.54 views

CVE-2016-2307

CVE-2016-2307 affects American Auto-Matrix Building Automation Front-End Solutions: specifically the Aspect-Nexus Building Automation Front-End Solutions app versions prior to 3.0.0 and the Aspect-Matrix Front-End Solutions app (all versions). The vulnerability stems from Local File Inclusion (CW...

7.5CVSS7.4AI score0.01491EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2016/10/05 10:0 a.m.20 views

CVE-2016-2307

American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file...

7.5AI score0.01491EPSS
Exploits0References1
CVE
CVE
added 2016/10/05 10:0 a.m.45 views

CVE-2016-2308

The CVE-2016-2308 vulnerability affects American Auto-Matrix Building Automation Front-End Solutions (Aspect-Nexus and Aspect-Matrix) applications prior to version 3.0.0, where passwords are stored in clear text. This enables a remote attacker to read sensitive information from a file on the host...

8.6CVSS8.1AI score0.01363EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2016/10/05 10:0 a.m.19 views

CVE-2016-2308

American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file...

8.3AI score0.01363EPSS
Exploits0References1
Nmap
Nmap
added 2016/09/07 3:49 a.m.365 views

fox-info NSE Script

Tridium Niagara Fox is a protocol used within Building Automation Systems. Based off Billy Rios and Terry McCorkle's work this Nmap NSE will collect information from A Tridium Niagara system. Example Usage nmap --script fox-info.nse -p 1911 Script Output 1911/tcp open Niagara Fox | fox-info: |...

10CVSS9.3AI score0.99448EPSS
Exploits33
ThreatPost
ThreatPost
added 2016/07/15 2:9 p.m.13 views

Scan Reveals Hydropower Plants, Other Critical Infrastructure Exposed Online

An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy, and a smart building in Israel hosting luxury apartments. The investigation, conducted by researchers at Internet Wache of Berli...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/07/12 12:0 a.m.18 views

BACnet Detection

A BACnet Service is running at this host. BACnet is a communications protocol for building automation and control networks. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.1AI score
Exploits0References1
ICS
ICS
added 2016/07/03 6:0 a.m.27 views

American Auto-Matrix Front-End Solutions Vulnerabilities

OVERVIEW Independent researcher Maxim Rupp has identified a local file inclusion and a plain text storage of password vulnerabilities in American Auto-Matrix’s Building Automation Front-End Solutions application. The Aspect-Matrix hardware platform was made end of life in 2015 and will no longer...

8.6CVSS8.7AI score0.01491EPSS
Exploits0References10
CNVD
CNVD
added 2016/06/12 12:0 a.m.6 views

KMC Controls BAC-5051E Cross-Site Request Forgery Vulnerability

KMC Controls BAC-5051E is a router product for use in building automation systems from KMC Controls, USA. A cross-site request forgery vulnerability exists in the KMC Controls BAC-5051E using firmware versions prior to E0.2.0.2. A remote attacker could exploit this vulnerability to disclose the...

8.8CVSS6.7AI score0.00602EPSS
Exploits0References1
Saint
Saint
added 2016/03/31 12:0 a.m.45 views

Wago Shell

Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...

7.5AI score
Exploits0
Saint
Saint
added 2016/03/31 12:0 a.m.40 views

Wago Shell

Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2016/03/03 12:0 a.m.79 views

Schneider Electric SBO / AS - Multiple Vulnerabilities

Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About Schneider Electric’s corporate headquarters is located in...

9CVSS6.9AI score0.13426EPSS
Exploits7
Cvelist
Cvelist
added 2016/03/02 11:0 a.m.24 views

CVE-2016-2278

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

7.2AI score0.13426EPSS
Exploits7References3
BDU FSTEC
BDU FSTEC
added 2016/03/02 12:0 a.m.8 views

The vulnerability of the Web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to inject arbitrary Web or HTML code.

The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially craft...

3.5CVSS7.1AI score0.00719EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/03/02 12:0 a.m.7 views

The vulnerability of the web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to obtain confidential information.

The vulnerability of the BACnet/IP network controller visualization web server, SAUTER moduWeb Vision, is related to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to obtain confidential information by listening to network traffic...

10CVSS7.8AI score0.02473EPSS
Exploits0References2
ICS
ICS
added 2016/02/06 7:0 a.m.70 views

KMC Controls Conquest BACnet Router Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...

8.8CVSS8.5AI score0.01232EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2015/09/16 4:15 p.m.12 views

Schneider Electric StruxureWare Building Expert Security Patch

Industrial control manufacturer Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability. Researcher Artyom Kurbatov discovered that the system transmits user credentials in plaintext between th...

0.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2014/02/11 12:48 p.m.6 views

Attacking ICS Systems 'Like Hacking in the 1980s'

PUNTA CANA–Here’s how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control syste...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2014/02/07 1:33 p.m.17 views

HVAC Vendor: Data Connection to Target was Billing System

The heating, ventilation and air conditioning contractor linked to the Target breach said its data connection to the giant retailer was “exclusively for electronic billing, contract submission and project management,” the company’s president and owner said yesterday. Ross E. Fazio said in a...

1.5AI score
Exploits0References4
ICS
ICS
added 2013/02/21 12:0 a.m.75 views

Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)

Overview This updated advisory was orignally posted to the US-CERT secure Portal library on February 5, 2013, and is now being released to the ICS-CERT Web page. Mitigation details for multiple vulnerabilities that impact third-party software integrated into the Invensys Wonderware Intelligence...

7.5CVSS0.4AI score0.99449EPSS
Exploits22References26
Rows per page
Query Builder