
1568 matches found

CNVD
added 2021/03/31 12:0 a.m., 1 view

SQL Injection Vulnerability in Business Control System of Taiyuan ECS Software Technology Co.

Ltd. is an Internet software development and system integration enterprise relying on Internet information and Internet of Things (IoT) technology to provide enterprises with complete smart factory solutions. There is a SQL injection vulnerability in the business control system of Taiyuan Easysoft...

AI score: 7.5
Exploits: 0
CNVD
added 2021/03/26 12:0 a.m., 11 views

GitLab Access Control Error Vulnerability (CNVD-2021-22453)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab after version...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00102
Exploits: 0, References: 1
ICS
added 2021/03/23 12:0 a.m., 144 views

GE MU320E

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MU320E Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these...

CVSS: 7.8, AI score: 8.8, EPSS: 0.00048
Exploits: 0, References: 5
Packet Storm
added 2021/03/19 12:0 a.m., 309 views

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

SOYAL Biometric Access Control System 5.0 Weak Default Credentials Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4...

AI score: 1
Exploits: 0
Zero Science Lab
added 2021/03/18 12:0 a.m., 140 views

SOYAL 701Client 9.0.1 Insecure Permissions

Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...

CVSS: 8.8, AI score: 7.3, EPSS: 0.02421
Exploits: 2
ICS
added 2021/03/16 12:0 a.m., 90 views

Hitachi ABB Power Grids AFS Series

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: AFS Series Vulnerability: Infinite Loop 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on one of the ports in a HSR ring...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00036
Exploits: 0, References: 5
CVE
added 2021/03/09 12:0 a.m., 1005 views

CVE-2021-21300

Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...

CVSS: 8, AI score: 7.7, EPSS: 0.58284
Exploits: 5, References: 14, Affected Software: 1
ICS
added 2021/03/09 12:0 a.m., 71 views

Siemens LOGO! 8 BM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00111
Exploits: 0, References: 10
CNVD
added 2021/03/01 12:0 a.m., 5 views

Command Execution Vulnerability in Splashtop Streamer

Splashtop Streamer is a remote control system. Splashtop Streamer suffers from a command execution vulnerability. An attacker can exploit this vulnerability to gain server privileges...

AI score: 7.6
Exploits: 0
ICS
added 2021/02/25 12:0 a.m., 69 views

Rockwell Automation Logix Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...

CVSS: 9.8, AI score: 8.6, EPSS: 0.20408
Exploits: 1, References: 5
Circl
added 2021/02/15 7:46 a.m., 2 views

CVE-2021-21702

creationtimestamp | type | source
---|---|---
2021-02-15 07:46:08+00:00 | seen | https://t.me/cibsecurity/23584
2023-12-12 01:16:05+00:00 | seen | https://t.me/arpsyndicate/1784
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00272
Exploits: 0, References: 3
RedHat Linux
added 2021/02/15 7:44 a.m., 67 views

Important: Red Hat Security Advisory: subversion:1.10 security update

An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS: 7.5, AI score: 7.2, EPSS: 0.14805
Exploits: 1, References: 2
Rockylinux
added 2021/02/15 7:4 a.m., 35 views

subversion:1.10 security update

An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Subversion (SVN) is a concurrent version control system...

CVSS: 7.5, AI score: 7.6, EPSS: 0.14805
Exploits: 1
Debian
added 2021/02/13 11:39 a.m., 47 views

[SECURITY] [DSA 4851-1] subversion security update

Debian Security Advisory DSA-4851-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 13, 2021 https://www.debian.org/security/faq -...

CVSS: 4.3, AI score: 2.4, EPSS: 0.14805
Exploits: 1
CNNVD
added 2021/02/09 12:0 a.m., 3 views

SIMATIC PCS 7 and SIMATIC WinCC Authorization Issue Vulnerability

Siemens SIMATIC WinCC is an automated data acquisition and monitoring SCADA system from Siemens, Germany. A security vulnerability exists in Siemens SIMATIC WinCC. The vulnerability is caused due to an insecure password authentication process, which can be exploited by an attacker to bypass the...

CVSS: 5.5, AI score: 6, EPSS: 0.00057
Exploits: 0, References: 4
NCSC
added 2021/02/09 12:0 a.m., 3 views

Vulnerability fixed in Simatic WinCC and PCS7

Siemens has fixed a vulnerability in Simatic WinCC Graphics Designer Tool and PCS7. A local malicious person could exploit it to gain access to a user, even a password-protected one. To exploit the vulnerability, the malicious party needs physical access to the system where the vulnerable...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00057
Exploits: 0
ICS
added 2021/02/04 12:0 a.m., 29 views

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow code execution in the context of the current process. 3. TECHNICAL...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00407
Exploits: 0, References: 5
Microsoft Malware Protection
added 2021/01/27 6:0 p.m., 45 views

Announcing the general availability of Azure Defender for IoT

As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology (OT) endpoints is growing dramatically—industry analysts have estimated that CISOs will soon be responsible for an attack surface multiple times larger than just a few yea...

Exploits: 0
Microsoft Secure
added 2021/01/27 6:0 p.m., 45 views

Announcing the general availability of Azure Defender for IoT

As businesses increasingly rely on connected devices to optimize their operations, the number of IoT and Operational Technology (OT) endpoints is growing dramatically—industry analysts have estimated that CISOs will soon be responsible for an attack surface multiple times larger than just a few yea...

Exploits: 0
ICS
added 2021/01/21 12:0 a.m., 56 views

Honeywell OPC UA Tunneller

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Matrikon, a subsidiary of Honeywell Equipment: OPC UA Tunneller Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, Uncontrolled...

CVSS: 9.8, AI score: 9.1, EPSS: 0.00418
Exploits: 0, References: 5