908 matches found
Input Validation Vulnerability in Multiple Rockwell Automation Products
Rockwell Automation Allen-Bradley Compact GuardLogix 5370 controller and others are programmable logic controller products of Rockwell Automation. An input validation vulnerability exists in several Rockwell Automation products. An attacker could exploit this vulnerability to cause a deni...
Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix and Compact GuardLogix Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
PT-2018-3111 · Blender +1
Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the 'modifier mdef compact influences' functionality, allowing for a buffer overflow that can enable code execution under the context of the application. This issue can be...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service
This module sends a specially crafted packet to port 50000/UDP causing a denial of service of the affected Siemens SIPROTEC 4 and SIPROTEC Compact 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted packet t...
ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service Exploit
Exploit for hardware platform in category dos / poc Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include...
Siemens SIPROTEC 4 / Compact EN100 Ethernet Module Denial Of Service
Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include the EN100 Ethernet module version...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module 4.25 - Denial of Service Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage:...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service
Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include the EN100 Ethernet module version...
compact-brake.com XSS vulnerability
Open Bug Bounty ID: OBB-555416. Affected Website: compact-brake.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Blender modifier_mdef_compact_influences integer overflow vulnerability
Blender is an open source cross-platform all-in-one 3D animation software, providing a series of animated short film production solutions from modeling, animation, materials, rendering, to audio processing, video editing and so on. An integer overflow vulnerability exists in Blender...
Siemens BACnet Field Panels (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: BACnet Field Panels Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
CVE-2017-11222
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact PRC engine. Successful exploitation could lead to arbitrary code execution...
Design/Logic Flaw
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges...
CVE-2017-3751
CVE-2017-3751 affects the ThinkPad Compact USB Keyboard with TrackPoint driver versions earlier than 1.5.5.0. The issue is an unquoted service path in the driver, enabling an attacker with local privileges to execute code with administrative privileges. Lenovo’s LEN-15061 advisory confirms the im...
CVE-2017-3751
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges...
July 18, 2017 – Morning Cyber Coffee Headlines – “Thomas Edison” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 18, 2017 - Headlines U.S. House Panel to Consider Self-Driving Car...
CVE-2017-2252
Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...