1568 matches found

0day.today
added 2020/04/21 12:0 a.m., 31 views

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery Add Admin Google Dork:jizhicms Exploit Author: iej1ctk1g Product web page: https://www.p5.hu Affected version: 1.0.20, 1.0.11 CVE : N/A !-- P5 FNIP-8x16A/FNIP-4xSH...

7.1 AI score
Exploits: 0

Exploit DB
added 2020/04/21 12:0 a.m., 551 views

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

Exploit Title: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery Add Admin Google Dork:jizhicms Date: 2020-04-18 Exploit Author: iej1ctk1g Product web page: https://www.p5.hu Affected version: 1.0.20, 1.0.11 CVE : N/A !-- P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting Vendor: ...

7.4 AI score
Exploits: 0

OpenVAS
added 2020/04/19 12:0 a.m., 55 views

Fedora: Security Advisory for git (FEDORA-2020-cdef88bb89)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 8.1 AI score, 0.373 EPSS
Exploits: 2, References: 2

CNVD
added 2020/04/15 12:0 a.m., 1 view

Buffer Overflow Vulnerability in GE Control System ACTIVEX Control (CNVD-2020-26344)

General Electric (GE) is a global digital industrial company that creates software-defined machines that are connected, responsive and predictive to transform traditional industries. A buffer overflow vulnerability exists in the ACTIVEX control of the GE control system, which can be exploited by an...

7.3 AI score
Exploits: 0

CNVD
added 2020/04/15 12:0 a.m., 1 view

Buffer overflow vulnerability in GE control system ACTIVEX control (CNVD-2020-26342)

General Electric (GE) is a global digital industrial company that creates software-defined machines that are connected, responsive and predictive to transform traditional industries. A buffer overflow vulnerability exists in the ACTIVEX control of the GE control system, which can be exploited by an...

7.3 AI score
Exploits: 0

CNVD
added 2020/04/01 12:0 a.m., 2 views

Denial of Service Vulnerability in Configuration King HistorySvr

Configuration King, i.e. Configuration King development monitoring system software, is a new type of industrial automatic control system, which replaces the traditional closed system with an integrated system composed of standard industrial computer software and hardware platforms. There is a...

7.5 AI score
Exploits: 0

Circl
added 2020/03/30 9:47 a.m., 2 views

CVE-2019-5105

creationtimestamp | type | source
---|---|---
2020-03-30 09:47:43+00:00 | seen | https://t.me/cibsecurity/10817
2026-03-17 12:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

7.5 CVSS, 7.3 AI score, 0.00196 EPSS
Exploits: 1, References: 2

NVD
added 2020/03/30 5:15 a.m., 9 views

CVE-2020-5551

Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus LC, LS, NX, RC, RC F, TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the...

8.8 CVSS, 8.8 AI score, 0.00585 EPSS
Exploits: 1, References: 2

Prion
added 2020/03/30 5:15 a.m., 12 views

Design/Logic Flaw

Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus LC, LS, NX, RC, RC F, TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the...

5.4 CVSS, 8.7 AI score, 0.00585 EPSS
Exploits: 1, References: 2

ICS
added 2020/03/26 12:0 a.m., 48 views

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1...

8.8 CVSS, 9.3 AI score, 0.00793 EPSS
Exploits: 0, References: 5

CNVD
added 2020/03/24 12:0 a.m., 1 view

Schneider Electric Interactive Graphical SCADA System Path Traversal Vulnerability

Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA data acquisition and supervisory system for monitoring and controlling industrial processes from Schneider Electric, France. A path traversal vulnerability exists in Schneider Electric IGSS Interactive Graphical SCADA...

7.5 CVSS, 6.8 AI score, 0.01836 EPSS
Exploits: 0, References: 1

ICS
added 2020/03/12 12:0 a.m., 80 views

ABB Asset Suite

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Asset Suite Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to...

7.1 CVSS, 7 AI score, 0.00123 EPSS
Exploits: 0, References: 5

ICS
added 2020/02/20 12:0 a.m., 78 views

ICSA-20-051-01_B&R Automation Studio and Automation Runtime

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: Automation Studio and Automation Runtime Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a...

9.4 CVSS, 9.4 AI score, 0.0105 EPSS
Exploits: 0, References: 2

ICS
added 2020/02/13 12:0 a.m., 71 views

Schneider Electric Magelis HMI Panels

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Magelis HMI Panel Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

6.5 CVSS, 6.8 AI score, 0.00344 EPSS
Exploits: 1, References: 5

ICS
added 2020/02/13 12:0 a.m., 89 views

Schneider Electric Modicon Ethernet Serial RTU

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon BMXNOR0200H Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Access Control 2. RISK EVALUATION Successful exploitation of these...

8.8 CVSS, 9 AI score, 0.00536 EPSS
Exploits: 0, References: 5

Pen Test Partners Blog
added 2020/02/04 7:36 a.m., 64 views

Pen Testing Ships. A year in review

Partially driven by the upcoming inclusion of Cyber Security by the IMO (International Maritime Organisation), 2019 was a really busy year for maritime security testing at PTP. What can we all learn from a year of evaluating the security of ships? We’ve been involved in all sorts of ship testing,...

2.1 CVSS, 6.8 AI score, 0.00051 EPSS
Exploits: 0

CNVD
added 2020/02/03 12:0 a.m., 1 view

Command Execution Vulnerability in Schneider 500NAC/500NSHAC Building Control System

The Schneider 500NAC/500NSHAC is a building control system from the French company Schneider Electric. A command execution vulnerability exists in the Schneider 500NAC/500NSHAC building control system that can be exploited by an attacker to upload malicious files...

7.3 AI score
Exploits: 0

CNVD
added 2020/01/30 12:0 a.m., 1 view

SQL Injection Vulnerability in Intelligent Meter Management System of Qingdao Automation Instrument Co.

Intelligent meter cluster management system is an industrial control management system that controls statistics and manages some of the data in the energy industry. There is a SQL injection vulnerability in the Intelligent Instrumentation System of Qingdao Automation Instrumentation Co., Ltd, whi...

7.7 AI score
Exploits: 0

Tenable Nessus
added 2020/01/21 12:0 a.m., 37 views

CentOS 7 : git (RHSA-2020:0124)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0124 advisory. - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are...

8.8 CVSS, 8.7 AI score, 0.01944 EPSS
Exploits: 0, References: 2

OpenVAS
added 2020/01/19 12:0 a.m., 29 views

CentOS Update for emacs-git CESA-2020:0124 centos7

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS, 9 AI score, 0.01944 EPSS
Exploits: 0, References: 2