1492 matches found
CVE-2022-45090 SQL Injection in Smartpower Web
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...
CVE-2022-45089
CVE-2022-45089 applies to Smartpower Web from Group Arge Energy and Control Systems, with versions prior to 23.01.01 vulnerable due to improper input validation that enables SQL Injection (high impact, network exposure). Mitigation: upgrade to 23.01.01 or later (per PT-2023-14597 and vendor advis...
CVE-2022-45089 SQL Injection in Smartpower Web
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...
CVE-2022-45088 Local File Inclusion in Smartpower Web
Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01...
CVE-2022-45088
CVE-2022-45088 corresponds to an Improper Input Validation vulnerability in Smartpower Web by Group Arge Energy and Control Systems. Affected: Smartpower Web prior to version 23.01.01. Root cause: inadequate input validation enabling PHP Local File Inclusion. Impact as stated: potential exposure ...
CVE-2022-45087
CVE-2022-45087 describes an XSS vulnerability in Group Arge Energy and Control Systems' Smartpower Web prior to version 23.01.01, caused by improper neutralization of user input during web page generation. Impact is limited to web-based UI exposure of stored/reflected input with low confidential...
CVE-2022-45086 Cross-site Scripting in Smartpower Web
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01...
CVE-2022-45085 Server-Side Request Forgery in Smartpower Web
Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Server-Side Request Forgery. This issue affects Smartpower Web: before 23.01.01...
CVE-2022-45085
CVE-2022-45085 is a Server-Side Request Forgery (SSRF) vulnerability affecting Smartpower Web from Grup Arge Energy and Control Systems, with affected versions prior to 23.01.01. The issue is documented across multiple sources (NVD, Red Hat, PRION, CNNVD, CVE listings) as SSRF in Smartpower Web, ...
How to Think Like a Hacker and Stay Ahead of Threats
To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks. During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on February 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
Delta Electronics DVW-W02W2-E2
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Public exploit available/exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DVW-W02W2-E2 Vulnerabilities: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a threat actor with...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on January 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Landis+Gyr E850
1. EXECUTIVE SUMMARY CVSS v3 3.9 ATTENTION: Low attack complexity Vendor: Landis+Gyr Equipment: E850 ZMQ200 Vulnerability: Reliance on Cookies without Validation and Integrity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition for the end...
XINJE XD
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity/public exploits are available Vendor: XINJE Equipment: XINJE XD Programing Tool Vulnerabilities: Relative Path Traversal, Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Updates Best Practices for Mapping to MITRE ATT&CK®
Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...