2877 matches found

BDU FSTEC
added 2023/06/28 12:0 a.m. · 4 views

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow a hacker to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to reading...

6.8 CVSS · 7.2 AI score · 0.00805 EPSS
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2023/06/26 12:0 a.m. · 3 views

The vulnerability of microprogramming software for logic controllers used in building and facility management systems from Schneider Electric—such as spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk—is related to the lack of protective measures for the website structure. This allows attackers to execute arbitrary code.

The vulnerability of microprogramming software for logic controllers used in building and facility management by Schneider Electric, such as spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk, is related to the lack of measures taken to protect the website structure. Exploiting this...

9.3 CVSS · 6.7 AI score · 0.00594 EPSS
Exploits 0 · References 3 · Affected Software 3

Kitploit
added 2023/06/24 12:30 p.m. · 21 views

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the ldap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

7.3 AI score
Exploits 0 · References 4

NVD
added 2023/06/21 8:15 p.m. · 13 views

CVE-2023-0971

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered...

9.6 CVSS · 9.5 AI score · 0.00223 EPSS
Exploits 0 · References 1

CVE
added 2023/06/21 7:42 p.m. · 35 views

CVE-2023-0971

SiLabs Z/IP Gateway SDK 7.18.02 and earlier are affected by a logic error that allows authentication bypass, enabling remote administration of Z‑Wave controllers and recovery of S0/S2 encryption keys. The Red Hat/NVD/CVE entries corroborate this description, with no exploitation details provided ...

9.6 CVSS · 9.2 AI score · 0.00223 EPSS
Exploits 0 · References 1 · Affected Software 1

The Hacker News
added 2023/06/20 7:8 p.m. · 5 views

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products

Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors...

9.8 CVSS · 7.1 AI score · 0.00635 EPSS
Exploits 0

Positive Technologies
added 2023/06/20 12:0 a.m. · 5 views

PT-2023-3435 · Wago · Wago

Name of the Vulnerable Software and Affected Versions: WAGO devices (affected versions not specified)

Description: The issue is related to insufficient input validation in the software of WAGO programmable logic controllers, which may allow an authenticated remote attacker with high privileges to...

6.1 CVSS · 6.8 AI score · 0.00588 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/06/20 12:0 a.m. · 5 views

PT-2023-3455 · Wago · Wago 750

Name of the Vulnerable Software and Affected Versions: WAGO 750 versions (affected versions not specified)

Description: The issue is related to insufficient input validation in the software of WAGO 750 programmable logic controllers. It may allow a remote attacker to cause a denial of service using...

6.1 CVSS · 6.7 AI score · 0.00635 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2023/06/20 12:0 a.m. · 2 views

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to insufficient validation of input data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...

5.9 CVSS · 5.9 AI score · 0.0062 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/06/20 12:0 a.m. · 1 views

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to deficiencies in the validation of user-input data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of Rockwell Automation’s ArmorStart ST engine controllers is related to deficiencies in the validation of user input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...

7.5 CVSS · 6.8 AI score · 0.0049 EPSS
Exploits 0 · References 3

The Hacker News
added 2023/06/19 9:33 a.m. · 3 views

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

8.3 AI score
Exploits 0

The Hacker News
added 2023/06/19 9:33 a.m. · 64 views

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

8.4 AI score
Exploits 0

BDU FSTEC
added 2023/06/16 12:0 a.m. · 2 views

The vulnerability of FTP servers of microprogrammed logic controllers MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, SW1DNN-EIPCTFX5-BD allows an intruder to gain unauthorized access to protected information.

The vulnerability of FTP servers of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD lies in the insufficient protection of password input fields. Exploiting this vulnerability can allow attackers to gain unauthorized access to...

6.2 CVSS · 6.4 AI score · 0.00331 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2023/06/16 12:0 a.m. · 1 views

Vulnerability of microprogramming software in embedded network control controllers of building management systems like ASPECT Enterprise, NEXUS Series, and MATRIX Series, due to insufficient validation of input data, allows intruders to execute arbitrary code.

The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS · 8.1 AI score · 0.0136 EPSS
Exploits 2 · References 3 · Affected Software 4

CISA
added 2023/06/14 12:0 p.m. · 4 views

CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer...

7.5 AI score
Exploits 0 · References 2

OSV
added 2023/06/09 6:15 p.m. · 12 views

CVE-2023-33557

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php...

8.8 CVSS · 8.5 AI score
Exploits 0 · References 2

Vulnrichment
added 2023/06/09 12:0 a.m. · 6 views

CVE-2023-33557

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php...

9 AI score · 0.00803 EPSS
Exploits 1 · References 2

Citrix
added 2023/06/08 12:0 a.m. · 6 views

Firewall Whitelisting for Delivery Controllers to add Azure as a Hosting Connection

Requesting a firewall whitelist for a Delivery Controller connecting to an Azure subscription as a hosting connection...

7.1 AI score
Exploits 0

BDU FSTEC
added 2023/06/07 12:0 a.m. · 3 views

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to deficiencies in the validation of user-input data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...

5.9 CVSS · 5.9 AI score · 0.0062 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/06/07 12:0 a.m. · 3 views

The vulnerability of the FTP server function of microprogrammed logic controllers MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, SW1DNN-EIPCTFX5-BD allows an intruder to gain unauthorized access to protected information.

The vulnerability of the FTP server functions of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD is related to the use of fixed password encoding. Exploiting this vulnerability can allow an intruder to gain unauthorized access to...

6.2 CVSS · 7.2 AI score · 0.00549 EPSS
Exploits 0 · References 3