190 matches found
How Groove Gang is Shaking up the RAAS to Empower Affiliates
ARCHIVED STORY How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates By Max Kersten, John Fokker and Thibault Seret Β· September 08, 2021 Co-authored with Intel471 and McAfee Enterprise Advanced Threat Research ATR would also like to thank Coveware for its...
ECOA Building Automation System Path Traversal Arbitrary File Upload
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
The vulnerability of the Moxa MXView network control software is related to incorrect default access permissions settings, which allow a violator to execute arbitrary commands with privileges of a system user.
The vulnerability of the Moxa MXView network control software is related to incorrect default access rights settings. Exploiting this vulnerability allows a perpetrator to execute arbitrary commands with privileges of a system user...
Johnson Controls MS-NCE2566-0 Metasys NCE Controller
Binary data 764889.prm...
Johnson Controls MS-NCE2526-0 Metasys NCE Controller
Binary data 764891.prm...
Johnson Controls MS-NCE2560-0 Metasys NCE Controller
Binary data 764890.prm...
CVE-2018-0482 Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...
CVE-2019-5892
bgpd in FRRouting FRR aka Free Range Routing 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 not affecting Cumulus Linux or VyOS, when ENABLEBGPVNC is used for Virtual Network Control, allows remote attackers to cause a denial of service peering session flap via...
CVE-2018-0482
Cisco Prime Network Control System (NCS) web-based management interface contains a stored XSS vulnerability due to insufficient validation of user-supplied input. An authenticated, remote attacker could lure a user into clicking a malicious link, causing arbitrary script execution in the web inte...
CVE-2018-0482
A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...
CVE-2018-0482
A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...
Cisco Prime Network Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to insufficient...
Siemens OpenSSL Vulnerabilities (Update G)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-198-03F Siemens OpenSSL Vulnerabilities that was published October 16, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update G Part 1 of 3 -------- Siemens has identified four vulnerabilities in its OpenSS...
Multiple Yokogawa Product Security Bypass Vulnerabilities
Yokogawa FCJ and others are Yokogawa's controllers for network control systems. A security bypass vulnerability exists in multiple Yokogawa products. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service in the context of an affected device...
SUSE SLES12 Security Update : quagga (SUSE-SU-2018:0456-1)
This update for quagga fixes the security following issues : - The Quagga BGP daemon contained a bug in the ASPATH size calculation that could have been exploited to facilitate a remote denial-of-service attack via specially crafted BGP UPDATE messages. CVE-2017-16227, bsc1065641 - The Quagga BGP...
FreeBSD : FreeBSD -- heimdal KDC-REP service name validation vulnerability (420243e9-a840-11e7-b5af-a4badb2f4699)
There is a programming error in the Heimdal implementation that used an unauthenticated, plain-text version of the KDC-REP service name found in a ticket. Impact : An attacker who has control of the network between a client and the service it talks to will be able to impersonate the service,...
[SECURITY] Fedora 26 Update: network-manager-applet-1.8.2-1.fc26
This package contains a network control and status notification area applet for use with NetworkManager...
Wireshark NCP Parser Denial of Service Vulnerability (CNVD-2016-09585)
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the packet-ncp2222.inc file in the NCP parse...
State-Sponsored SCADA Malware targeting European Energy Companies
Security researchers have discovered a new campaign targeting energy companies in Western Europe with a sophisticated malware that almost goes to great lengths in order to remain undetected while targeting energy companies. Researchers from SentinelOne Labs discovered the malware, which has alrea...
The plant controller has a remote vulnerability and no patch-vulnerability warning-the black bar safety net
Power station use of an industrial control system has not patched the vulnerability, an attacker can remotely exploit it to gain network control. Remedy method? Turning off the function or replace the equipment. Power station use of an industrial control system has not patched the vulnerability, ...