The vulnerability of video surveillance cameras for monitoring and surveillance systems, related to insufficient protection of operational data, allows intruders to gain unauthorized access to protected information.

The vulnerability of video surveillance cameras for monitoring and surveillance systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an unauthorized intruder to gain unauthorized access to protected information...

USN-7226-1: Cacti vulnerability

It was discovered that Cacti did not properly sanitize the 'pollerid' parameter in the "remoteagent.php" file. A remote attacker could possibly use this issue to achieve remote code execution...

Siemens Spectrum Power 7 Local Elevation of Privilege Vulnerability

Spectrum Power 7 provides the essential components of SCADA, communications and data modeling for control and monitoring systems. Application suites can be added to optimize network and generation management in all areas of energy management. A local elevation of privilege vulnerability exists in...

Solar monitoring systems exposed: Secure your devices

Researchers who go looking for devices exposed to the Internet report "tens of thousands" of solar photovoltaic PV monitoring and diagnostic systems can be found on the web. The systems are used for everything from system optimization to performance monitoring and troubleshooting. No fewer than...

Debian: Security Advisory (DLA-255-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of microprogramming software in the software-hardware environment for monitoring and security protection of IT infrastructure against physical threats, such as the implementation of NetBotz 4, allows a intruder to execute arbitrary code.

The vulnerability of microprogramming software in programming-and-software-based environments for monitoring and security protection of IT infrastructure arises due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability in the HTTP web interface of the software for high-voltage distribution device monitoring systems from Hitachi Modular Switchgear Monitoring (MSM) allows a perpetrator to execute arbitrary code.

The vulnerability of the HTTP web interface of the performance measurement software for Hitachi Modular Switchgear Monitoring systems is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Bently Nevada 3701 monitoring and protection systems, related to the use of pre-installed credentials, allows a intruder to execute arbitrary commands.

The vulnerability of Bently Nevada 3701 monitoring and protection systems lies in the use of pre-installed credentials. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Siemens Spectrum Power 4 Cross-Site Scripting Vulnerability

Spectrum Power provides essential components for SCADA, communications and data modeling for control and monitoring systems. Siemens Spectrum Power 4 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to conduct an attack if an unsuspecting user is tricked into...

The vulnerability of the software for power monitoring systems such as Power Monitoring Expert, EcoStruxure Energy Expert, Power Manager, data collection systems, and industrial automation control systems like StruxureWare PowerSCADA Expert, related to access control deficiencies, allows attackers to exploit these vulnerabilities to gain increased privileges.

The vulnerabilities of the Power Monitoring Expert, EcoStruxure Energy Expert, Power Manager software, as well as systems for data collection and process control in industrial automation, such as StruxureWare PowerSCADA Expert, are related to lack of access control mechanisms. Exploiting these...

Want to stay ahead of emerging threats? Here’s how.

Are you working with good information? A key question security organizations might ask themselves with regard to emerging — or imminent — threats: Are the systems we have logging the correct information? They may need that information to hunt threats or to reconstruct what an attacker did while...

Industrial Gear at Risk from Fuji Code-Execution Bugs

Industrial control software ICS from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. Authorities are warning the flaws could allow physical attacks on factory and critical-infrastructure equipment. Fuji Electric’s Tellus...

IoT security: how Microsoft protects Azure Datacenters

Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must...

Debian DLA-2069-1 : cacti security update

It was discovered that there were a number of cross-site scripting vulnerabilities in cacti, a web interface for monitoring systems. For Debian 8 'Jessie', this issue has been fixed in cacti version 0.8.8b+dfsg-8+deb8u9. We recommend that you upgrade your cacti packages. NOTE: Tenable Network...

Debian Security Advisory DSA 3494-1 (cacti - security update)

Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphsnew.php script to execute arbitrary SQL commands on the database. OpenVAS Vulnerability Test $Id:...

Debian: Security Advisory (DSA-3494-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3494-1 : cacti - security update

Two SQL injection vulnerabilities were discovered in cacti, a web interface for graphing of monitoring systems. Specially crafted input can be used by an attacker in parameters of the graphsnew.php script to execute arbitrary SQL commands on the database. %NASLMINLEVEL 70300 C Tenable Network...

Debian DLA-386-1 : cacti security update

It was discovered that there was another SQL injection vulnerability in cacti, a web interface for graphing monitoring systems. For Debian 6 Squeeze, this issue has been fixed in cacti version 0.8.7g-1+squeeze9+deb6u14. NOTE: Tenable Network Security has extracted the preceding description block...

DLA-374-3 cacti - regression update

Bulletin has no description...

DLA-374-2 cacti - regression update

Bulletin has no description...