
1570 matches found

ThreatPost
added 2019/03/06 7:45 p.m., 63 views

RSA Conference 2019: The Sky's the Limit For Satellite Hacks

SAN FRANCISCO – The satellites orbiting the world are rife with vulnerabilities – and as more satellites go up, and antenna equipment becomes cheaper, they are becoming a lucrative target for threat actors back on earth, according to researchers. William Malik, vice president of infrastructure...

0.4 AI score
Exploits: 0, References: 4

ICS
added 2019/03/05 12:00 a.m., 116 views

Rockwell Automation RSLinx Classic

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute...

9.8 CVSS, 9.8 AI score, 0.50031 EPSS
Exploits: 0, References: 5

IBM Security Bulletins
added 2019/02/22 1:30 p.m., 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions 8 used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the...

9 CVSS, 0.7 AI score, 0.07215 EPSS
Exploits: 2, Affected Software: 1

OpenVAS
added 2019/02/16 12:00 a.m., 27 views

Siemens Automation License Manager Detection (Windows SMB Login)

SMB login-based detection of Siemens Automation License Manager. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

0.6 AI score
Exploits: 0, References: 1

Talos Blog
added 2019/02/11 8:02 a.m., 108 views

What you can learn from Cisco Talos’ new oil pumpjack workshop

Paul Rascagneres wrote this blog post with contributions from Patrick DeSantis from Cisco Talos ARES (Advanced Research/Embedded Systems). Executive summary Every day, more industrial control systems (ICS) become vulnerable to cyber attacks. As these massive, critical machines become more...

0.4 AI score
Exploits: 0

BDU FSTEC
added 2019/01/30 12:00 a.m., 1 view

The vulnerability of the web interface of the Cisco Secure Access Control System allows a perpetrator to access confidential information.

The vulnerability of the Cisco Secure Access Control System’s web interface is related to incorrect processing of external XML entities when working with XML files. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...

5.3 CVSS, 5.5 AI score, 0.01526 EPSS
Exploits: 0, References: 9, Affected Software: 1

ICS
added 2019/01/29 12:00 a.m., 168 views

Yokogawa License Manager Service

1. EXECUTIVE SUMMARY CVSS v8.1 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: License Manager Service Vulnerability: Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files,...

10 CVSS, 9.8 AI score, 0.05405 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2019/01/28 12:00 a.m., 3 views

The vulnerability in the web interface of the Cisco Secure ACS control system allows a perpetrator to execute stored scripts across sites.

The vulnerability in the Cisco Secure ACS access control system’s web interface management interface is related to improper verification and the absence of encryption for user data. Exploiting this vulnerability allows a malicious actor to remotely execute stored scripts against the user’s web...

5.4 CVSS, 6 AI score, 0.00891 EPSS
Exploits: 0, References: 9, Affected Software: 1

Vulnrichment
added 2019/01/10 5:00 p.m., 7 views

CVE-2018-0482 Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...

5.4 CVSS, 5.8 AI score, 0.00876 EPSS
Exploits: 0, References: 2

CVE
added 2019/01/10 5:00 p.m., 64 views

CVE-2018-0482

Cisco Prime Network Control System (NCS) web-based management interface contains a stored XSS vulnerability due to insufficient validation of user-supplied input. An authenticated, remote attacker could lure a user into clicking a malicious link, causing arbitrary script execution in the web inte...

5.4 CVSS, 5.2 AI score, 0.00876 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2019/01/10 4:29 p.m., 23 views

CVE-2018-0482

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...

5.4 CVSS, 5.2 AI score, 0.00876 EPSS
Exploits: 0, References: 2

OSV
added 2019/01/10 4:29 p.m., 3 views

CVE-2018-0482

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...

5.4 CVSS, 6 AI score
Exploits: 0, References: 2

Cisco
added 2019/01/09 4:00 p.m., 65 views

Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...

5.4 CVSS, 1.3 AI score, 0.00876 EPSS
Exploits: 0, References: 1

CNVD
added 2018/12/26 12:00 a.m., 2 views

Permission License Access Control Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A privilege permission access control vulnerability exists in the HOLLiASMACS distributed control system of HOLLiS, which can be exploited by an attacker to overwrite the original password...

6.9 AI score
Exploits: 0

CNVD
added 2018/12/26 12:00 a.m., 1 view

Code Execution Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A code execution vulnerability exists in the HOLLiASMACS distributed control system of HOLLiS, which can be exploited by attackers to execute arbitrary code...

8 AI score
Exploits: 0

CNVD
added 2018/12/26 12:00 a.m., 1 view

Information Disclosure Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An information leakage vulnerability exists in the HOLLiASMACS distributed control system of HOLLiS, which can be exploited by an attacker to obtain a login password...

6.6 AI score
Exploits: 0

ThreatPost
added 2018/12/13 5:52 p.m., 11 views

Secure Critical Infrastructure Top of Mind for U.S.

When it comes to cyber-threats and defense, the U.S. government says that critical infrastructure threats are a growing concern. Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing,...

0.4 AI score
Exploits: 0, References: 8

Fedora
added 2018/11/28 2:46 a.m., 41 views

[SECURITY] Fedora 28 Update: git-2.17.2-2.fc28

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

9.8 CVSS, 2.4 AI score, 0.97356 EPSS
Exploits: 20

ThreatPost
added 2018/11/15 5:34 p.m., 12 views

Managing the Risk of IT-OT Convergence

A few years ago, it wasn’t easy getting executives on board with the concept of operational technology (OT) security. Having finally come around to acknowledging the need for information technology (IT) security, boards and C-suite executives at industrial enterprises were then faced with the...

0.4 AI score
Exploits: 0

RedHat Linux
added 2018/11/13 2:41 a.m., 3 views

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

9.8 CVSS, 7.5 AI score, 0.97356 EPSS
Exploits: 12, References: 4