Lucene search
K

19 matches found

Packet Storm News
Packet Storm News
added 2025/09/14 12:0 a.m.3 views

Securing AI Agents: Implementing Role-Based Access Control for Industrial Applications

The emergence of Large Language Models LLMs has significantly advanced solutions across various domains, from political science to software development. However, these models are constrained by their training data, which is static and limited to information available up to a specific date...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/06/17 11:8 a.m.10 views

Where AI Provides Value

If you've worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you're safe for another day. But the fact remains that AI...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/05/14 12:0 a.m.8 views

The vulnerability of the Java framework for securing industrial applications using Spring Security involves a flaw in the data protection mechanism, allowing attackers to compromise the integrity of the protected information.

The vulnerability of the Java framework for securing industrial applications using Spring Security is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the integrity of the protected information...

5.3CVSS5.5AI score0.00402EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerabilities of the String.toLowerCase() and String.toUpperCase() methods in the Java framework allow for security breaches in industrial applications, as they are exploited by attackers to bypass authentication processes.

The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Java framework, which is used for securing industrial applications with Spring Security, is related to improper authentication. Exploiting this vulnerability can allow an attacker to bypass the authentication proces...

4.8CVSS6.5AI score0.00385EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/19 12:0 a.m.5 views

The vulnerability of the Java framework for securing industrial applications using Spring Security lies in the incomplete cleanup of temporary or auxiliary resources. This allows attackers to access confidential data or cause service failures.

The vulnerability of the Java framework for securing industrial applications using Spring Security is related to incomplete cleanup of temporary or auxiliary resources. Exploiting this vulnerability allows an attacker operating remotely to gain access to confidential data or cause service failure...

10CVSS6.5AI score0.00648EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/27 12:0 a.m.7 views

The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method in the Java framework for securing industrial applications by Spring Security allows attackers to influence the integrity and confidentiality of protected information.

The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method in the Java framework for securing industrial applications by Spring Security is related to deficiencies in access control when processing the null parameter. Exploiting this vulnerability could allow a...

7.4CVSS7.2AI score0.00682EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/30 12:0 a.m.5 views

The vulnerability of the Spring MVC design pattern used in the Spring Framework, a Java framework for securing industrial applications, and Spring Boot, a framework for creating web applications, allows attackers to induce service failures.

The vulnerability of the Spring MVC design pattern used in the Spring Framework, a Java framework for securing industrial applications, and Spring Boot, a framework for creating web applications, is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow an attack...

7.8CVSS7.2AI score0.01048EPSS
Exploits0References5Affected Software3
CNVD
CNVD
added 2023/10/11 12:0 a.m.20 views

Siemens SINEMA Server V14 Cross-Site Scripting Vulnerability

Siemens SINEMA Server is a software from Siemens, Germany, developed specifically for industrial applications. It enables you to fully visualize and monitor your network. A cross-site scripting vulnerability exists in Siemens SINEMA Server V14 due to an affected application incorrectly clearing...

9CVSS6.7AI score0.00594EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.7 views

The vulnerability of the RegexRequestMatcher component in the Spring Security Java framework allows attackers to escalate their privileges.

The vulnerability of the RegexRequestMatcher component in the Spring Security Java framework, which is used for securing industrial applications, is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

10CVSS6.8AI score0.10037EPSS
Exploits6References2Affected Software1
CNVD
CNVD
added 2022/06/22 12:0 a.m.17 views

Siemens SIMATIC WinCC OA Client Authentication Vulnerability

Siemens SIMATIC WinCC OA is a SCADA operating system from Siemens, Germany. It is used to control and monitor industrial applications. A security vulnerability exists in Siemens SIMATIC WinCC OA that stems from the application using only client-side authentication when both server-side...

9.8CVSS7.2AI score0.01166EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.28 views

SINEMA Server 访问控制错误漏洞

Siemens SINEMA Server is a software developed for industrial applications by Siemens, Germany. It enables you to fully visualize and monitor your network. Siemens SINEMA Server has a security vulnerability that could be exploited by an attacker to obtain encoded system configuration backup files...

5.3CVSS5.6AI score0.00804EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/07/06 12:0 a.m.5 views

The vulnerability of the Java framework for securing industrial applications using Spring Security, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Java framework for securing industrial applications using Spring Security is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures by initiating authentication requests, thereby providing...

7.8CVSS6.8AI score0.06001EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/05/14 12:0 a.m.9 views

WAGO Cross-Site Scripting Vulnerability

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed specifically for applications in industrial environments where digital algorithms operate electronic systems. A cross-site scripting vulnerability exists in WAGO. The vulnerability stems from a lack ...

8.8CVSS6.2AI score0.00629EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.10 views

The vulnerability of the OAuth component in the Java framework for securing Spring-based industrial applications allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the OAuth component in the Java framework for securing Spring-based industrial applications relates to the redirection of URLs to insecure websites. Exploiting this vulnerability allows an attacker to enhance their privileges and gain unauthorized access to protected...

6.5CVSS6.3AI score0.15621EPSS
Exploits4References3Affected Software9
BDU FSTEC
BDU FSTEC
added 2021/01/26 12:0 a.m.6 views

The vulnerability of the Spring Framework’s spring-security-saml2-service-provider component, which is used for securing industrial applications with Spring Security. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Spring Java framework component spring-security-saml2-service-provider related to Spring Security’s industrial application security features is linked to an improper verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor t...

9CVSS7.7AI score0.01199EPSS
Exploits0References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/11/17 12:0 a.m.4 views

The vulnerability of the Java framework for securing industrial applications using Spring Security, related to the use of insufficiently random values, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Java framework for securing industrial applications using Spring Security is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS6.6AI score0.01594EPSS
Exploits0References4Affected Software6
CNVD
CNVD
added 2020/07/01 12:0 a.m.5 views

Nozomi Networks OS Injection Vulnerability

Nozomi Networks OS is a real-time operating system for industrial applications from the Swiss company Nozomi Networks. A security vulnerability exists in Nozomi Networks OS versions prior to 19.0.4. The vulnerability can be exploited by an attacker to remotely access and take control of another...

8.5CVSS6.9AI score0.00902EPSS
Exploits1References1
ICS
ICS
added 2016/08/02 12:0 a.m.72 views

Siemens SINEMA Server Privilege Escalation Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-215-02 Siemens SINEMA Server Privilege Escalation Vulnerability that was published August 2, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researcher rgod working...

7.8CVSS0.9AI score0.00475EPSS
Exploits0References21
ICS
ICS
added 2014/01/18 7:0 a.m.37 views

Siemens SINEMA Vulnerabilities

OVERVIEW Siemens has identified vulnerabilities in SINEMA server. Siemens has produced a software update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens product is affected: SINEMA server: all versions prior to V12 S...

9.3CVSS7.8AI score0.04243EPSS
Exploits3References10
Rows per page
Query Builder