157 matches found

Tenable Nessus
added 2025/10/27 12:0 a.m., 3 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-41004)

tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as...

CVSS 5.5, AI score 6.6, EPSS 0.00283
Exploits: 0, References: 5
Packet Storm News
added 2025/10/22 12:0 a.m., 3 views

Everyone Needs AIR: An Agnostic Incident Reporting Framework for Cybersecurity in Operational Technology

Operational technology (OT) networks are increasingly coupled with information technology (IT), expanding the attack surface and complicating incident response. Although OT standards emphasise incident reporting and evidence preservation, they do not specify what data to capture during an incident,...

AI score 6.6
Exploits: 0
CNNVD
added 2025/10/07 12:0 a.m., 5 views

Nozomi Networks Guardian and Nozomi Networks CMC Path Traversal Vulnerability

Nozomi Networks Guardian and Nozomi Networks CMC are both products of Nozomi Networks, U.S.A. Nozomi Networks Guardian is an IoT device and software inspection system. Nozomi Networks CMC is a software application. It provides centralized OT and IoT security management. Nozomi Networks Guardian an...

CVSS 8.1, AI score 6.7, EPSS 0.00379
Exploits: 0, References: 1
HackRead
added 2025/10/03 4:8 p.m., 3 views

Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns

Bitsight warns ICS/OT exposure jumped 12% in 2024, leaving 180,000+ critical infrastructure systems open to attack. Learn about the possible vulnerabilities and new malware strains...

AI score 7.1
Exploits: 0
CISA
added 2025/09/29 12:0 p.m., 7 views

CISA and UK NCSC Release Joint Guidance for Securing OT Systems

CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. Building...

AI score 6.9
Exploits: 0, References: 3
Packet Storm News
added 2025/09/05 12:0 a.m., 5 views

From Protest to Power Plant: Interpreting the Role of Escalatory Hacktivism in Cyber Conflict

Since 2022, hacktivist groups have escalated their tactics, expanding from distributed denial-of-service attacks and document leaks to include targeting operational technology (OT). By 2024, attacks on the OT of critical national infrastructure (CNI) had been linked to partisan hacktivist efforts in...

AI score 7.1
Exploits: 0
Positive Technologies
added 2025/08/26 12:0 a.m., 3 views

PT-2025-34748

Name of the Vulnerable Software and Affected Versions: Delta Electronics COMMGR (affected versions not specified). Description: Delta Electronics COMMGR is susceptible to a stack-based buffer overflow. This issue poses a remote code execution (RCE) risk on Operational Technology (OT) systems. The...

CVSS 8.6, AI score 7.8, EPSS 0.00376
Exploits: 0, References: 10
CISA
added 2025/08/13 12:0 p.m., 3 views

CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators

CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and...

AI score 7.2
Exploits: 0
The Hacker News
added 2025/08/11 3:8 p.m., 13 views

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in questio...

CVSS 10, AI score 8.3, EPSS 0.97673
Exploits: 36
Rapid7 Blog
added 2025/08/06 6:6 p.m., 4 views

An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 1)

Building the Bench. This is the first in a three-part series on building and using a testing bench for ICS systems. In this series we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used ICS protocols such as Modbus, then develop malwar...

AI score 6.5
Exploits: 0
CISA
added 2025/06/30 12:0 p.m., 3 views

CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

Today, CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored ...

AI score 7.7
Exploits: 0, References: 2
Packet Storm News
added 2025/05/07 12:0 a.m., 4 views

CISA: Primary Mitigations to Reduce Cyber Threats to Operational Technology

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE) are aware of cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure...

AI score 7
Exploits: 0
CISA
added 2025/05/06 12:0 p.m., 2 views

Unsophisticated Cyber Actor(s) Targeting Operational Technology

CISA is increasingly aware of unsophisticated cyber actors targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presenc...

AI score 7.2
Exploits: 0, References: 1
Tenable Nessus
added 2025/05/05 12:0 a.m., 5 views

Device Mode Transition Detected (High)

The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations. This plugin only works with Tenable.ot. Please visit...

AI score 5.6
Exploits: 0
Tenable Nessus
added 2025/05/05 12:0 a.m., 3 views

Device Status Modification Detected (High)

Changes in the controller state can stop operations altogether or start an operation that should not have been started. These operations can be used by an attacker to disrupt normal operation, cause production losses, or create safety concerns. This plugin only works with Tenable.ot. Please visit...

AI score 5.5
Exploits: 0
Packet Storm News
added 2025/04/17 12:0 a.m., 4 views

CISA: Key Secure by Demand Elements for Operational Technology Fact Sheet

This fact sheet addresses key elements for operational technology (OT) owners and operators to consider when purchasing digital products that automate physical processes, e.g. programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs). CISA strongly advises...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/04/16 12:0 a.m., 8 views

Firmware Version Change Detected (Low)

Changes in the controller firmware represent a major change in the behavior of the device and usually cause a temporary interruption of operations. An attacker could use firmware changes to add malicious code to the controller, causing it to perform harmful operations which are hard to detect. Th...

AI score 5.5
Exploits: 0
Tenable Nessus
added 2025/02/25 12:0 a.m., 11 views

Siemens SIMATIC S7-1500 TM MFP BIOS Out-of-bounds Write (CVE-2020-10029)

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to...

CVSS 5.5, AI score 6.9, EPSS 0.00758
Exploits: 1, References: 5
Tenable Nessus
added 2025/02/25 12:0 a.m., 7 views

Siemens SIMATIC Devices Linux Kernel Missing Release of Memory after Effective Lifetime (CVE-2022-1012)

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. This plugin only works with Tenable.ot. Please visit...

CVSS 8.2, AI score 6.5, EPSS 0.02972
Exploits: 0, References: 6
The Hacker News
added 2025/01/15 11:30 a.m., 6 views

The High-Stakes Disconnect For ICS/OT Security

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn't just ineffective—it's high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS)...

AI score 7.1
Exploits: 0