1492 matches found
Fuji Electric Alpha7 PC Loader
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha7 PC Loader Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...
The vulnerability of the CAMS for HIS distributed control systems management component is related to violations of security design principles. This allows attackers to access protected information or cause service failures.
The vulnerability of the CAMS for HIS distributed control systems’ emergency message and event management components is related to violations of secure design principles. Exploiting this vulnerability could allow an attacker operating remotely to gain access to protected information or cause...
Critical Flaws in Popular ICS Platform Can Trigger RCE
Critical flaws in a popular platform used by industrial control systems ICS that allow for unauthorized device access, remote code execution RCE or denial of service DoS could threaten the security of critical infrastructure. OAS—offered by a company of the same name–makes it easy to transfer dat...
Matrikon OPC Server
1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command...
CVE-2022-27640
A vulnerability has been identified in SIMATIC CP 442-1 RNA All versions V1.5.18, SIMATIC CP 443-1 RNA All versions V1.5.18. The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming...
Circutor COMPACT DC-S BASIC
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Circutor Equipment: COMPACT DC-S BASIC Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition resulting in...
Got the security controls wrong in OT and maritime? Watch as engineers work around them
Industrial control systems security is slowly improving, partly a result of attention from regulators and lawmakers. However, we often see security controls implemented that don’t take account of the unique challenges that engineers looking after OT environments face. We see controls brought in...
Inkscape in Industrial Products
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Inkscape Equipment: Inkscape, an open-source graphics editor Vulnerabilities: Out-of-bounds Read, Access of Uninitialized Pointer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Delta Electronics CNCSoft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution or information...
Eaton Intelligent Power Protector
1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Protector IPP Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...
A week in security (April 18 – 24)
Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploads North Korean Lazarus APT group targets blockchain tech companies Watch out for Ukraine donation scammers in Twitter replies Beware tragic “my daughter died…” Facebook posts offering free PS5s US warns of APT groups...
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure
The Five Eyes nations have released a joint cybersecurity advisory warning of increased malicious attacks from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the...
Delta Electronics ASDA-Soft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ASDA-Soft Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution. 3. TECHNICAL DETAILS...
US warns of APT groups that can “gain full system access” to some industrial control systems
An "exceptionally rare and dangerous" advanced persistent threat APT malware kit, containing custom-made tools designed to target some of North America’s industrial control systems ICS and supervisory control and data acquisition SCADA devices, appears to have been caught before it could be let...
CVE-2022-27451
creationtimestamp| type| source ---|---|--- 2022-04-17 00:02:19+00:00| seen| https://t.me/cibsecurity/40755 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27449
creationtimestamp| type| source ---|---|--- 2022-04-14 16:19:16+00:00| seen| https://t.me/cibsecurity/40771 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27458
creationtimestamp| type| source ---|---|--- 2022-04-14 16:19:08+00:00| seen| https://t.me/cibsecurity/40764 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Industrial Control System Malware Discovered
The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream thats designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. Theres also no indicati...
CVE-2022-27376
creationtimestamp| type| source ---|---|--- 2022-04-13 00:17:15+00:00| seen| https://t.me/cibsecurity/40690 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Siemens SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files...