Lucene search
K

157 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 3:5 p.m.4 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

7.5CVSS5.9AI score0.00505EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2026/02/23 3:0 p.m.6 views

When Uptime Is Non-Negotiable: Rethinking Zero Trust for OT Environments

...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.10 views

PT-2026-7972

Name of the Vulnerable Software and Affected Versions SIMATIC CN 4100 versions prior to V5.0 Description The application does not properly restrict unauthenticated connections, making it susceptible to resource exhaustion. This condition allows an attacker to disrupt normal operations or perform...

9.1CVSS7.3AI score0.003EPSS
Exploits0References6
CISA
CISA
added 2026/02/10 12:0 p.m.31 views

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps

The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team CERT Polska’s Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actors targeted and compromised operational...

5.7AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-38086)

"In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during miinwayrestart In miinwayrestart the code attempts to call mii-mdioread which is ch9200mdioread. ch9200mdioread utilises a local buffer called buff, which is initialised with...

5.5CVSS6.5AI score0.00154EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.3 views

CERT.pl Energy Sector Incident 29 December

This is the official report from CERT.pl on the coordinated attacks against Poland's energy sector. These events affected both information systems IT and physical industrial equipment OT, which is rarely observed in attacks reported publicly to date...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/29 11:55 a.m.6 views

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology OT networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues...

7.8CVSS6.1AI score0.74497EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/01/28 4:6 p.m.7 views

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology OT cybersecurity company Dragos, in a new intelligence brief published Tuesday,...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.4 views

CISA: Principles for the Secure Integration of Artificial Intelligence in Operational Technology V2

Artificial intelligence AI has the potential to increase efficiency and productivity, enhance decision-making, cut costs and improve customer experience, but introducing AI in operational technology OT environments can introduce risks that require careful management to support the safety, securit...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.5 views

PT-2025-53450

Name of the Vulnerable Software and Affected Versions Nozomi Networks affected versions not specified Description Inadequate validation of incoming XML format request messages can allow for cross-site scripting XSS attacks on a user's browser. The vulnerability affects Industrial Control Systems...

5.8CVSS5.8AI score0.00181EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.5 views

PT-2025-53445

Name of the Vulnerable Software and Affected Versions Nozomi Networks affected versions not specified Description Inadequate permission management exists for the camera guest account. The issue affects Industrial Control Systems ICS and OT/IoT security. The manufacturer has released a patch...

6.3CVSS6.6AI score0.00212EPSS
Exploits0References5
CISA
CISA
added 2025/12/11 12:0 p.m.8 views

Cybersecurity Performance Goals 2.0 for Critical Infrastructure

Today, CISA released updated Cross-Sector Cybersecurity Performance Goals CPG 2.0 with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity. This update incorporates lessons learned, aligns with the most recent National Institute of...

6.7AI score
Exploits0References3
CISA
CISA
added 2025/12/09 12:0 p.m.7 views

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create...

7AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/12/04 12:0 a.m.4 views

CISA: Principles for the Secure Integration of Artificial Intelligence in Operational Technology

Artificial intelligence AI has the potential to increase efficiency and productivity, enhance decision-making, cut costs and improve customer experience, but introducing AI in operational technology OT environments can introduce risks that require careful management to support the safety, securit...

6.9AI score
Exploits0
CISA
CISA
added 2025/12/03 12:0 p.m.8 views

CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology

CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to hel...

6.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-40931)

mptcp: ensure snduna is properly initialized on connect. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504689; scriptversion"1.3";...

5.5CVSS6.8AI score0.00253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-42105)

nilfs2: use-after-free. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504674; scriptversion"1.3";...

7.8CVSS6.7AI score0.0026EPSS
Exploits0References4
CNVD
CNVD
added 2025/11/14 12:0 a.m.3 views

Unspecified Vulnerability in Rockwell Automation Verve Asset Manager

Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...

8.4CVSS5.9AI score0.00315EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-16056)

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

7.5CVSS6.8AI score0.05366EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/10/31 12:0 a.m.8 views

Mind the Gap: Missing Cyber Threat Coverage in NIDS Datasets for the Energy Sector

Network Intrusion Detection Systems NIDS developed using publicly available datasets predominantly focus on enterprise environments, raising concerns about their effectiveness for converged Information Technology IT and Operational Technology OT in energy infrastructures. This study evaluates the...

6.9AI score
Exploits0
Rows per page
Query Builder