Siemens SPC Controller Series Denial-of-Service Vulnerability
OVERVIEW: Davide Peruzzi of GoSecure! has identified a denial-of-service (DoS) vulnerability in the Siemens SPC Controllers. Siemens has produced an update that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS: The following SPC Controllers are affected:...
Vulnerability of microprogrammed software in Micrologix 1100 and 1400 programmable logic controllers, allowing an intruder to cause malfunctions during maintenance
The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause a service failure through a specially crafted HTTP request...
Vulnerability of microprogrammed software for Micrologix 1100 and 1400 programmable logic controllers, allowing an intruder to execute arbitrary code
The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 is caused by buffer overflow on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
Document Title: =============== NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2015-09-24 Vulnerability Laboratory ID VL-ID: ====================================...
Design Flaws Make Drones Vulnerable to Cyber-Attacks
In the past, The Hacker News (THN) reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones (MalDrone), or Weaponized drones getting legal, or Drones hacking smartphones. And now the reports depict... Security Researcher has showcased a...
Hardcoded credentials
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a...
Multiple Huawei WLAN AC Products Information Disclosure Vulnerability
Huawei WLAN AC6005 and others are wireless access controller products from Huawei (China). An information disclosure vulnerability exists in the mDNS module of multiple Huawei WLAN AC products. An attacker can exploit the vulnerability to disclose sensitive information...
Multiple Chiyu products fingerprint access-control devices are vulnerable.
Chiyu BF-630 and BF-630W are both networked fingerprint access controllers from Chiyu. A security vulnerability exists in the Chiyu BF-630 and BF-630W fingerprint access-control devices. A remote attacker can use this vulnerability to bypass authentication by sending a request to the voice.htm pa...
Cisco Application Policy Infrastructure Controllers and Nexus 9000 Series ACI Mode Switches Unauthorized Access Vulnerability
Cisco Application Policy Infrastructure is a controller that automates the management of application-centric infrastructures. The Cisco Nexus 9000 Series ACI Mode Switches are 9000 series switches for application-centric infrastructure (ACI). An unauthorized...
Citrix NetScaler ADC and NetScaler Gateway Remote Arbitrary Shell Command Execution Vulnerability
Citrix NetScaler ADCs are application delivery controllers that optimize enterprise service delivery. Citrix Access Gateway is a general purpose SSL VPN appliance. A security vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway that allows authenticated users to send specially crafte...
fineCMS Free Edition: Yet Another Injection
Brief description: Got here first, heh!!! Detailed description: Affected file: /controllers/member/InfoController.php public function favoriteAction $favorite = $this-model'favorite'; if $this-isPostForm $ids = ''; foreach $this-post'ids' as $i $ids.= ','.int$i; $ids = trim$ids, ','; if empty$ids $this-memberMsglang'm-inf-11'; $ids = @implode',',...
Cisco Wireless LAN Controller Web Administration Interface Authenticated Remote Denial of Service Vulnerability
A vulnerability in the web administration interface of Cisco Wireless LAN Controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of certain parameters submitted as part of form...
CVE-2015-0984
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows...
CVE-2015-0984
CVE-2015-0984 affects Honeywell XL Web Controller (multiple XL1000C/X LXL lines) where the FTP server flaw enables directory traversal to read web-root files, potentially granting administrative login access. The ICS-CERT advisory ICSA-15-076-02 confirms remote exploitation via path traversal and...
Multiple Siemens SPC Controller Product Denial of Service Vulnerabilities
Siemens SPC controllers are Siemens controller devices. A security vulnerability in the Siemens SPC controllers SPC4000, SPC5000, and SPC6000 allows attackers to exploit the vulnerability to submit messages for denial of service attacks...
Code injection
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets...
CVE-2014-9369
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets...
CVE-2014-9369
CVE-2014-9369 – Affected products and impact : Siemens SPC Controllers SPC4000, SPC5000, and SPC6000 (all versions before 3.6.0) can be forced into a denial-of-service state by specially crafted packets sent to the web interface, causing the device to restart. The vulnerability is categorized as ...