How Iran's Hackers Might Strike Back After Soleimani's Assassination
From data-destroying wipers to industrial control system hacking, Iran has a potent arsenal of cyberattacks at its disposal...
[SECURITY] Fedora 31 Update: git-2.24.1-1.fc31
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small number of dependencies. To install all git packages,...
CVE-2019-13533
CVE-2019-13533 affects Omron PLC CJ and CS series (all versions). The vulnerability allows an attacker to monitor PLC-controller traffic and replay requests, potentially opening/closing industrial valves (authentication bypass via capture-replay). Affected products are Omron CJ/CS series PLCs; mi...
Siemens SPPA-T3000 Deserialization Untrusted Data Vulnerability
The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. A security vulnerability exists in the Siemens SPPA-T3000. An attacker could exploit the vulnerability to execute arbitrary code...
Siemens SPPA-T3000 improper authentication vulnerability (CNVD-2019-44769)
The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. A security vulnerability exists in the Siemens SPPA-T3000. An attacker with network access to the application server could cause a denial of service condition by sending...
Symantec Industrial Control System Protection CVE-2019-18380 Unauthorized Access Vulnerability
Description: Symantec Industrial Control System Protection is prone to an unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access and perform unintended actions. This may lead to further attacks. Symantec Industrial Control System Protection 6.x.x versions...
Symantec ICSP Unauthorized Access
SUMMARY: Symantec has released an update to address an issue that was discovered in the Industrial Control System Protection (ICSP) product. AFFECTED PRODUCTS: Industrial Control System Protection (ICSP) --- CVE | Affected Versions | Remediation --- CVE-2019-18380 | ICSP 6.x.x | Upgrade to ICSP 6.1.1.123...
ABB Relion 670 Series
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Relion 670 Series Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device. 3...
eMerge E3 1.00-06 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: eMerge E3 1.00-06 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06...
ICS Attackers Set To Inflict More Damage With Evolving Tactics
Future attacks on industrial control system (ICS) networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remain...
A vulnerability in the embedded web server firmware of Moxa MGate models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 allows an attacker to intercept administrator credentials and other confidential information, gaining access to the control system.
The vulnerability in the embedded web server firmware of Moxa controllers, models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660, stems from the default use of the HTTP protocol in the implementation of the “Basic HTTP Authentication” method. Exploiting this vulnerability...
A vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches, related to the default use of the HTTP protocol, allows attackers to intercept administrator credentials and other confidential information, thereby gaining access to the control system.
The vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches is related to the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to remotely intercept administrator...
Weak Password Vulnerability in Mingguo Database Audit and Risk Control System of Hangzhou ACE Information Technology Co.
The Meiji Database Audit and Risk Control System is a database protocol parsing device, capable of parsing the access traffic to and from the core database at the datagram field level. There is a weak password vulnerability in the database audit and risk control system of Hangzhou ACE Information...
Advantech WebAccess
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization 2. RISK EVALUATION Successful exploitation of these...
Google Chrome Security Updates (stable-channel-update-for-desktop-2019-09) - Windows
Google Chrome is prone to multiple vulnerabilities.
OSIsoft PI SQL Client
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: OSIsoft LLC Equipment: OSIsoft PI SQL Client Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution or cause a denial of service,...
DEF CON 2019: Delta ICS Flaw Allows Total Industrial Takeover
A serious vulnerability in a commonly used Delta industrial control system has been found that could allow malicious actors on the same network complete control of the operating system. The Delta enteliBUS Manager centralizes control for various pieces of hardware often found in corporate or...
HVACking: Understanding the Delta Between Security and Reality
By Douglas McKee · August 09, 2019. The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and...
Industrial Security Featuring Delta's enteliBUS Manager
From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager. By Mark Bereza · August 09, 2019. Management. Control. It seems that you can’t stick five people in a room together without one of them trying to order the others around...
FANUC 16i-MA Control System
Binary data 764777.prm...