Siemens RWG Universal Controllers

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Low attack complexity Vendor : Siemens Equipment : RWG Universal Controllers Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...

isf

This is an Industrial Exploitation Framework ISF repository, a Python-based framework for exploitation and testing of industrial control systems ICS. The framework is similar to Metasploit and is designed to be used for penetration testing and vulnerability assessment of ICS devices. The reposito...

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

This week, PrintNightmare - Microsoft's Print Spooler vulnerability CVE-2021-34527 was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we...

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows authentication bypass. The exploit uses the Impacket library to test the vulnerability and attempt to perform a Netlogon authentication bypass. It targets the Netlogon service on a domain controller and sen...

CISA Offers New Mitigation for PrintNightmare Bug

The U.S. government has stepped in to offer a mitigation for a critical remote code execution RCE vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it. To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Cent...

Bachmann Electronic All M-Base Controllers 加密问题漏洞

Bachmann Electronic All M-Base Controllers is a controller system from Bachmann, Germany, used to control networks. A cryptographic issue vulnerability exists in Bachmann Electronic All M-Base Controllers that stems from not properly using the relevant cryptographic algorithms, resulting in...

Mitsubishi Electric Air Conditioning Systems

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Air Conditioning Systems Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may...

All Bachmann M1 System Processor Modules

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bachmann Electronic, GmbH Equipment: All M-Base Controllers Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This updated advisory is a follow-up to the...

Exploit for CVE-2021-1675

From Lares Labs: Detection & Remedia...

PrintNightmare, Critical Windows Print Spooler Vulnerability

Updated July 2, 2021 For new information and mitigations, see Microsoft's updated guidance for the Print spooler vulnerability CVE-2021-34527. Updated July 1, 2021 See Microsoft's new guidance for the Print spooler vulnerability CVE-2021-34527 and apply the necessary workarounds. Original post Ju...

Authentication flaw

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of...

CVE-2021-33541 Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of...

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 安全漏洞

The Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 are industrial control devices from Phoenix Contact, Germany. The protocol configuration for device management and communication does not include authentication measures. Phoenix Contact Classic Line Controllers versions ILC1x0 and...

[SECURITY] Fedora 34 Update: mosquitto-2.0.11-1.fc34

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

The vulnerability of Windows operating system filter controllers allows attackers to increase their privileges.

The vulnerability of filter administrators in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

Gallagher Command Centre Server 处理逻辑错误漏洞

Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A Processing Logic Error vulnerability exists in Gallagher Command Centre Server that stems from incorrect coding or escaping in Gallagher Command Centre Server...

CVE-2020-12291

Uncontrolled resource consumption in some IntelR ThunderboltTM controllers may allow an authenticated user to potentially enable denial of service via local access...

CVE-2020-12289

Out-of-bounds write in some IntelR ThunderboltTM controllers may allow an authenticated user to potentially enable denial of service via local access...

CVE-2020-12290

Improper access control in some IntelR ThunderboltTM controllers may allow an authenticated user to potentially enable denial of service via local access...

CVE-2020-12296

Uncontrolled resource consumption in some IntelR ThunderboltTM controllers may allow an authenticated user to potentially enable denial of service via local access...