
1568 matches found

Positive Technologies
added 2022/06/22 12:0 a.m. · 4 views

PT-2022-3160 · Emerson · Emerson Deltav Distributed Control System

Name of the Vulnerable Software and Affected Versions: Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 Description: The issue is related to the misuse of passwords and the use of hardcoded credentials in the TELNET service on port 18550, which provides...

CVSS 9 · AI score 5.3 · EPSS 0.00072
Exploits 0 · References 7
OSV
added 2022/06/20 8:26 p.m. · 8 views

MAL-2022-454 Malicious code in @nerv-hq/control-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20a7e7877cb0a7188b9fdc4feb0645afa1aa7cd1998ce9a61e3c170eb714cf35 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
Trellix
added 2022/06/09 12:0 a.m. · 15 views

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...

CVSS 10 · AI score 9.1 · EPSS 0.09071
Exploits 0
Rockylinux
added 2022/06/08 8:20 a.m. · 32 views

subversion:1.14 security update

An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system...

CVSS 7.5 · AI score 7.9 · EPSS 0.0161
Exploits 0
BDU FSTEC
added 2022/06/08 12:0 a.m. · 2 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...

CVSS 9.1 · AI score 7.8 · EPSS 0.00622
Exploits 0 · References 7 · Affected Software 9
BDU FSTEC
added 2022/06/02 12:0 a.m. · 1 views

The vulnerability of the SCADA system “SKADA-NEV” is related to insufficient restrictions on authentication attempts, allowing an intruder to gain access to the user account.

The vulnerability of the SCADA system “SKADA-NEV” is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the user account by force...

CVSS 7.8 · AI score 5.5
Exploits 0 · Affected Software 1
CNVD
added 2022/05/27 12:0 a.m. · 26 views

Horner Automation Cscape Csfont Out-of-Bounds Reading Vulnerability

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds read vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 5.1 · EPSS 0.00302
Exploits 0 · References 1
CNVD
added 2022/05/27 12:0 a.m. · 22 views

Horner Automation Cscape Csfont Buffer Overflow Vulnerability

Horner Automation Cscape is a set of programming software for industrial control system development from Horner Automation, Inc. A buffer overflow vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 6.1 · EPSS 0.00504
Exploits 0 · References 1
CNVD
added 2022/05/27 12:0 a.m. · 19 views

Horner Automation Cscape Csfont Out-of-Bounds Writing Vulnerability

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds write vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 4.9 · EPSS 0.00302
Exploits 0 · References 1
CNVD
added 2022/05/27 12:0 a.m. · 20 views

Horner Automation Cscape Csfont Out-of-Bounds Write Vulnerability (CNVD-2022-64133)

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds write vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 5 · EPSS 0.00302
Exploits 0 · References 1
Gitee
added 2022/05/26 5:31 a.m. · 1 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...

AI score 8
Exploits 0
ICS
added 2022/05/26 12:0 a.m. · 50 views

Keysight N6854A Geolocation server and N6841A RF Sensor software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2. RISK EVALUATION Successful...

CVSS 10 · AI score 9.7 · EPSS 0.01035
Exploits 0 · References 5
Rockylinux
added 2022/05/18 12:11 a.m. · 29 views

subversion security update

An update is available for subversion. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system which enables one or...

CVSS 7.5 · AI score 7.9 · EPSS 0.0161
Exploits 0
OSV
added 2022/05/16 6:15 p.m. · 1 views

CVE-2021-33021

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00291
Exploits 0 · References 1
RedHat Linux
added 2022/05/11 9:36 p.m. · 67 views

Important: Red Hat Security Advisory: subversion:1.10 security update

An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVSS 7.5 · AI score 6.9 · EPSS 0.0161
Exploits 0 · References 2
CNVD
added 2022/05/11 12:0 a.m. · 49 views

Siemens SIMATIC WinCC Kiosk Mode Incorrect Initialization Vulnerability

SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor machines and equipment. A security vulnerability exists in Siemens SIMATIC WinC...

CVSS 7.8 · AI score 6.7 · EPSS 0.00058
Exploits 0 · References 1
CNVD
added 2022/05/11 12:0 a.m. · 11 views

Siemens Desigo PXC and DXR Devices have unspecified vulnerabilities

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

CVSS 6.5 · AI score 0.8 · EPSS 0.00153
Exploits 0 · References 1
ICS
added 2022/05/10 12:0 a.m. · 27 views

Eaton Intelligent Power Manager

1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager IPM v1 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...

CVSS 5.2 · AI score 7.5 · EPSS 0.01018
Exploits 0 · References 5
BDU FSTEC
added 2022/05/05 12:0 a.m. · 2 views

The vulnerability of the server virtualization automation design (Automation Design) SCADA system Yokogawa CENTUM VP’s network protocol implementation allows a hacker to exploit the functions provided by the AD server.

The vulnerability of the server network protocol implementation in the Automation Design SCADA system of Yokogawa CENTUM VP is related to errors during the authentication process. Exploiting this vulnerability allows a malicious actor to utilize the features provided by the AD server...

CVSS 6.5 · AI score 7.7 · EPSS 0.00282
Exploits 0 · References 3
Tenable Nessus
added 2022/04/28 12:0 a.m. · 23 views

Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information (CVE-2020-25178)

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...

CVSS 9.3 · AI score 7.4 · EPSS 0.00229
Exploits 0 · References 6