205 matches found
CVE-2016-2307
CVE-2016-2307 affects American Auto-Matrix Building Automation Front-End Solutions: specifically the Aspect-Nexus Building Automation Front-End Solutions app versions prior to 3.0.0 and the Aspect-Matrix Front-End Solutions app (all versions). The vulnerability stems from Local File Inclusion (CW...
CVE-2016-2307
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file...
CVE-2016-2308
The CVE-2016-2308 vulnerability affects American Auto-Matrix Building Automation Front-End Solutions (Aspect-Nexus and Aspect-Matrix) applications prior to version 3.0.0, where passwords are stored in clear text. This enables a remote attacker to read sensitive information from a file on the host...
CVE-2016-2308
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file...
fox-info NSE Script
Tridium Niagara Fox is a protocol used within Building Automation Systems. Based off Billy Rios and Terry McCorkle's work this Nmap NSE will collect information from A Tridium Niagara system. Example Usage nmap --script fox-info.nse -p 1911 Script Output 1911/tcp open Niagara Fox | fox-info: |...
Scan Reveals Hydropower Plants, Other Critical Infrastructure Exposed Online
An Internet scan of the IPv4 address space uncovered more than 100 critical facilities exposed to the public Internet, including hydropower plants in Germany and Italy, and a smart building in Israel hosting luxury apartments. The investigation, conducted by researchers at Internet Wache of Berli...
BACnet Detection
A BACnet Service is running at this host. BACnet is a communications protocol for building automation and control networks. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
American Auto-Matrix Front-End Solutions Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified a local file inclusion and a plain text storage of password vulnerabilities in American Auto-Matrix’s Building Automation Front-End Solutions application. The Aspect-Matrix hardware platform was made end of life in 2015 and will no longer...
KMC Controls BAC-5051E Cross-Site Request Forgery Vulnerability
KMC Controls BAC-5051E is a router product for use in building automation systems from KMC Controls, USA. A cross-site request forgery vulnerability exists in the KMC Controls BAC-5051E using firmware versions prior to E0.2.0.2. A remote attacker could exploit this vulnerability to disclose the...
Wago Shell
Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...
Wago Shell
Added: 03/31/2016 Background Wago PLCs are used in Factory and building automation. Wago ethernet PLCs are connected by IP and can be administered remotely. Problem Wago PLC devices use CoDeSyS protocols to program the device. If the programming ports are left open an attacker is able to upload,...
Schneider Electric SBO / AS - Multiple Vulnerabilities
Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About Schneider Electric’s corporate headquarters is located in...
CVE-2016-2278
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...
The vulnerability of the Web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to inject arbitrary Web or HTML code.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially craft...
The vulnerability of the web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows a intruder to obtain confidential information.
The vulnerability of the BACnet/IP network controller visualization web server, SAUTER moduWeb Vision, is related to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to obtain confidential information by listening to network traffic...
KMC Controls Conquest BACnet Router Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...
Schneider Electric StruxureWare Building Expert Security Patch
Industrial control manufacturer Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability. Researcher Artyom Kurbatov discovered that the system transmits user credentials in plaintext between th...
Attacking ICS Systems 'Like Hacking in the 1980s'
PUNTA CANA–Here’s how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control syste...
HVAC Vendor: Data Connection to Target was Billing System
The heating, ventilation and air conditioning contractor linked to the Target breach said its data connection to the giant retailer was “exclusively for electronic billing, contract submission and project management,” the company’s president and owner said yesterday. Ross E. Fazio said in a...
Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)
Overview This updated advisory was orignally posted to the US-CERT secure Portal library on February 5, 2013, and is now being released to the ICS-CERT Web page. Mitigation details for multiple vulnerabilities that impact third-party software integrated into the Invensys Wonderware Intelligence...