Lucene search
K

101 matches found

ICS
ICS
added 2024/02/06 7:0 a.m.67 views

HID Global Reader Configuration Cards

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low attack complexity Vendor : HID Global Equipment : Reader Configuration Cards Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...

5.3CVSS5.4AI score0.00253EPSS
Exploits0References8
ICS
ICS
added 2023/10/31 6:0 a.m.45 views

INEA ME RTU

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : INEA Equipment : ME RTU Vulnerabilities : OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution...

9.9CVSS10AI score0.01698EPSS
Exploits0References8
ICS
ICS
added 2023/06/27 12:0 a.m.6 views

Hitachi Energy GMS600

SUMMARY Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...

5.9CVSS6.1AI score0.16195EPSS
Exploits0References9
ICS
ICS
added 2022/11/17 12:0 a.m.22 views

Red Lion Crimson

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Controls Equipment: Crimson Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain user credential hashes. 3...

7.5CVSS6.6AI score0.00609EPSS
Exploits0References5
ICS
ICS
added 2022/07/21 12:0 a.m.63 views

Johnson Controls Metasys ADS, ADX, OAS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

5.3CVSS5.7AI score0.00582EPSS
Exploits0References5
ICS
ICS
added 2022/05/26 12:0 a.m.52 views

Keysight N6854A Geolocation server and N6841A RF Sensor software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2. RISK EVALUATION Successful...

10CVSS9.7AI score0.15968EPSS
Exploits0References5
ICS
ICS
added 2022/05/10 12:0 a.m.30 views

Eaton Intelligent Power Manager

1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager IPM v1 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...

5.2CVSS7.5AI score0.08439EPSS
Exploits0References5
ICS
ICS
added 2021/12/16 12:0 a.m.59 views

Xylem AquaView

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Xylem, Inc. Equipment: AquaView Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to create users, delete users,...

9.3CVSS8.9AI score0.00211EPSS
Exploits0References4
ICS
ICS
added 2021/11/30 12:0 a.m.47 views

Johnson Controls CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.8CVSS8.1AI score0.99295EPSS
Exploits81References5
ICS
ICS
added 2021/08/31 12:0 p.m.51 views

Sensormatic Electronics KT-1

1. EXECUTIVE SUMMARY Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc. Equipment: KT-1 Vulnerability: Use of Unmaintained Third-party Components 2. RISK EVALUATION The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive...

7.3AI score
Exploits0References27
ICS
ICS
added 2021/06/08 12:0 a.m.37 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...

8.8CVSS9.1AI score0.01245EPSS
Exploits0References5
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/06/01 4:0 p.m.193 views

Understanding the threat landscape and risks of OT environments

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

0.5AI score
Exploits0
ICS
ICS
added 2021/04/13 12:0 a.m.63 views

Siemens Nucleus DNS (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-103-14 Siemens Nucleus...

5.3CVSS5.5AI score0.00751EPSS
Exploits0References11
ICS
ICS
added 2021/03/23 12:0 a.m.155 views

GE MU320E

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MU320E Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these...

7.8CVSS8.8AI score0.00263EPSS
Exploits0References5
ICS
ICS
added 2021/03/09 12:0 a.m.83 views

Siemens LOGO! 8 BM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References10
ICS
ICS
added 2021/01/21 12:0 a.m.60 views

Honeywell OPC UA Tunneller

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Matrikon, a subsidiary of Honeywell Equipment: OPC UA Tunneller Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, Uncontrolled...

9.8CVSS9.1AI score0.02411EPSS
Exploits0References5
ICS
ICS
added 2021/01/19 12:0 a.m.82 views

Reolink P2P Cameras

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Reolink Equipment: P2P protocol Vulnerabilities: Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...

7.8CVSS8.1AI score0.00986EPSS
Exploits0References5
Gitee
Gitee
added 2020/11/09 4:57 p.m.4 views

icsmaster

This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several sections, including a directory of...

6.9AI score
Exploits0
ICS
ICS
added 2020/10/13 12:0 a.m.68 views

Fieldcomm Group HART-IP and hipserver

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fieldcomm Group Equipment: HARP-IP Developer kit, hipserver Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being...

10CVSS10AI score0.01375EPSS
Exploits0References5
ICS
ICS
added 2020/09/10 12:0 a.m.59 views

AVEVA Enterprise Data Management Web

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Equipment: Enterprise Data Management Web Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL...

9.8CVSS9.9AI score0.02912EPSS
Exploits3References5
Rows per page
Query Builder