Honeywell Saia Burgess PG5 PCD

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable on adjacent network/low attack complexity Vendor: Honeywell Equipment: Saia Burgess PG5 PCD Vulnerabilities: Authentication Bypass, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report known as “OT:ICEFALL” that...

CIA Whistleblower Found Guilty of Leaking Vault 7 Documents to WikiLeaks

By Deeba Ahmed The Vault 7 leak included trojans, viruses, malware, zero-day exploits, malware remote control systems, and related documents dating… This is a post from HackRead.com Read the original post: CIA Whistleblower Found Guilty of Leaking Vault 7 Documents to WikiLeaks...

Rockwell Automation MicroLogix

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100/1400 Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

CVE-2022-32087

creationtimestamp| type| source ---|---|--- 2022-07-02 00:40:12+00:00| seen| https://t.me/cibsecurity/45541 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVE-2022-32088

creationtimestamp| type| source ---|---|--- 2022-07-02 00:40:10+00:00| seen| https://t.me/cibsecurity/45539 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CODESYS Gateway Server (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS GmbH Equipment: CODESYS Gateway Server Vulnerability: Heap Based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S...

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

PT-2022-4220 · Yokogawa · Exaopc +5

Name of the Vulnerable Software and Affected Versions: CENTUM CS 3000 versions R3.08.10 through R3.09.00 CENTUM VP versions R4.01.00 through R4.03.00 CENTUM VP versions R5.01.00 through R5.04.20 CENTUM VP versions R6.01.00 through R6.09.00 Exaopc versions R3.72.00 through R3.80.00 B/M9000 CS...

The vulnerability of Emerson DeltaV industrial control stations, related to the use of cryptographic algorithms containing vulnerabilities, allows an intruder to gain access to the system’s control interface.

The vulnerability of Emerson DeltaV industrial control stations lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker operating remotely to gain access to the system’s control interface...

Motorola Solutions MOSCAD IP and ACE IP Gateways

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...

The vulnerability of the EpicMo protocol lies in its ability to exploit measurement-and-control controllers from the Experion LX, allowing attackers to cause service failures.

The vulnerability of the EpicMo protocol, which is implemented in measurement and control controllers of the Experion LX, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

Elcomplus SmartICS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus LLC Equipment: SmartICS Vulnerabilities: Improper Access Control, Relative Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

CVE-2022-31625

creationtimestamp| type| source ---|---|--- 2022-06-16 12:21:16+00:00| seen| https://t.me/cibsecurity/44607 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...

CVE-2022-31626

creationtimestamp| type| source ---|---|--- 2022-06-16 12:21:14+00:00| seen| https://t.me/cibsecurity/44605 2022-06-23 10:22:39+00:00| published-proof-of-concept| https://t.me/ptswarm/132 2022-06-23 23:53:55+00:00| published-proof-of-concept| https://t.me/MrVGunz/256 2022-06-25 12:47:01+00:00|...

CVE-2022-24946

Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU the...

Siemens Spectrum Power 信任管理问题漏洞

Spectrum Power provides the basic components for SCADA, communications and data modeling for control and monitoring systems. Application suites can be added to optimize network and generation management in all areas of energy management.Spectrum Power MGMS is an advanced control and optimization...

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series and iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition and/or...

Meridian Cooperative Meridian

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Meridian Cooperative Equipment: Meridian Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a disclosure of sensitive information...

Vulnerabilities in Industrial Control Systems Lets Attackers Remotely Unlock Doors

By Deeba Ahmed In total, eight zero-day vulnerabilities have been detected in Carrier’s industrial control systems ICS which, if exploited, allow… This is a post from HackRead.com Read the original post: Vulnerabilities in Industrial Control Systems Lets Attackers Remotely Unlock Doors...

Researchers Disclose Critical Flaws in Industrial Access Controllers from HID Mercury

As many as four zero-day security vulnerabilities have been disclosed in the HID Mercury access controller system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and loc...