2877 matches found
The vulnerability in the firmware of Schneider Electric’s Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 programmable logic controllers arises from an operation performed outside the bounds of a memory buffer, allowing a malicious actor to trigger a service failure.
The vulnerability in the firmware of Schneider Electric’s Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 programmable logic controllers arises from the execution of an operation outside the bounds of a memory buffer. Exploiting this vulnerability can allow a...
[SECURITY] Fedora 27 Update: dolphin-emu-5.0-24.fc27
Dolphin is a Gamecube, Wii and Triforce (the arcade machine based on the Gamecube) emulator, which supports full HD video with several enhancements such as compatibility with all PC controllers, turbo speed, networked multiplayer, and more. Most games run perfectly or with minor bugs...
SQL injection
phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajaxsavedraft function with the dir parameter...
Remote Control Vulnerability in HOLLYWOOD LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A remote control vulnerability exists in the HELISE LE5109L PLC, which can be exploited by an attacker to cause the PLC to be remotely controlled by constructing specific private protocol...
[SECURITY] Fedora 28 Update: libcgroup-0.41-20.fc28
Control groups infrastructure. The library helps manipulate, control, administrate and monitor control groups and the associated controllers...
Medtronic MiniMed MMT-500/MMT-503 Remote Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Medtronic --------- Begin Update A Part 1 of 3 -------- Equipment: Medtronic MiniMed MMT-500 and MMT-503 Remote Controllers --------- End Update A Part 1 of 3 -------- Vulnerabilities: Cleartext Transmission of Sensitive Information, Authentication Bypass...
CVE-2017-9000
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 (FIPS and non-FIPS versions of software are both affected equally), is vulnerable to unauthenticated arbitrary file access. An...
CVE-2018-10592
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...
CVE-2018-10592
CVE-2018-10592 affects Yokogawa STARDOM controllers: FCJ (R4.02 and prior), FCN-100 (R4.02 and prior), FCN-RTU (R4.02 and prior), and FCN-500 (R4.02 and prior); updates show affected families also include R4.10 and prior. Root cause is use of hard-coded credentials that could allow an attacker to...
Podcast: The Industrial World is Facing a Security Crisis
As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology (OT) and IoT have now become part of the mainstream cybersecurity...
Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - US
Lenovo Security Advisory: LEN-17297 Potential Impact: An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service...
CVE-2018-10635
In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained...
CVE-2018-10635
The CVE-2018-10635 vulnerability affects Universal Robots Robot Controllers CB 3.1 with software version 3.4.5-100, where TCP ports 30001/30002/30003 listen for URScript and can be remotely executed, potentially giving root access. The issue stems from executing arbitrary URScript received on tho...
CVE-2018-10633
Universal Robots Robot Controllers CB 3.1 with SW 3.4.5-100 are affected by CVE-2018-10633 due to hard-coded credentials (CWE-798), which could permit an attacker to reset the controller password. Affected product: CB 3.1, SW 3.4.5-100. Root cause: use of hard-coded credentials. Impact: remote at...
CVE-2018-10633
Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller...
Universal Robots Robot Controllers Hard-Coded Certificate Vulnerability
Universal Robots Robot Controllers is a collaborative robot controller product from Universal Robots, Denmark. A security vulnerability exists in Universal Robots Robot Controllers CB version 3.1 and SW version 3.4.5-100, which stems from the program's use of hard-coded credentials. An attacker...
Universal Robots Robot Controllers Remote Code Execution Vulnerability
Universal Robots Robot Controllers is a collaborative robot controller product from Universal Robots, Denmark. A security vulnerability exists in Universal Robots Robot Controllers CB version 3.1 and SW version 3.4.5-100, which originates from the use of TCP ports 3001 through 3003 for listening...
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'HID discoveryd command_blink_on Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote command execution...
HID discoveryd command_blink_on Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. This Metasploit module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 Build 04/23/2012. This modul...
Error: "Your logon has expired. Please log on again to continue" When one XML broker does not work correctly, users are unable to see apps and desktops from other working XML brokers.
When one XML broker does not work correctly, users are unable to see apps and desktops from other working XML brokers if StoreFront . The following error is displayed. "Your logon has expired. Please log on again to continue." This problem happens if the store has been configured with multiple...