Code injection

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...

CVE-2018-10607

CVE-2018-10607 affects Martem TELEM-GW6 and GWM devices. The vulnerability allows creating new connections to one or more IOAs without properly closing them, causing a denial of service in the industrial process control channel. Affected firmware: 2018.04.18-linux_4-01-601cb47 and prior; remediat...

CVE-2018-10607

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Vulnerability

Exploit for hardware platform in category dos / poc Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build...

CVE-2018-5163

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache JSBC for other JavaScript code. If the parent process then runs this replaced code, the...

Martem TELEM-GW6/GWM Denial of Service Vulnerability

Martem specializes in providing remote control systems for monitoring and controlling distribution networks, and its customers include distribution companies as well as industrial and transportation companies that own their own power grids. A denial of service vulnerability exists in the Martem...

Martem TELEM-GW6/GWM (Update B)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Martem Equipment : TELEM-GW6/GWM --------- Begin Update B Part 1 of 5 -------- Vulnerabilities : Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion,...

Microsoft Windows 10: Take ownership of files or other objects

This policy setting determines which users can take ownership of any securable object in the device, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads. Every object has an owner, whether the object resides in an NTFS volume or...

CVE-2017-13261

In bnepprocesscontrolpacket of bneputils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1,...

SUSE-SU-2018:0866-1 Security update for coreutils

This update for coreutils fixes one issue. This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges bsc1023041...

Supervisor XML-RPC Authenticated Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending o...

Siemens SIMATIC WinCC/PCS 7/WinCCRuntime Professional has a Remote Code Execution Vulnerability

SIMATIC WinCC Windows Control Center, Siemens' process monitoring system, provides complete supervisory control and data acquisition SCADA functionality for industry; the PCS 7 system is a seamlessly integrated automation solution that can be used in all areas of industry. A remote code execution...

The vulnerability of the Simatic PCS 7 software allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability exists in the implementation of the Web Navigator interface in Siemens WinCC, due to the presence of a strictly encrypted user account. Exploiting this vulnerability allows malicious actors, operating remotely, to gain access to the system through a specially crafted request...

Siemens Firmware Updates Patch SIMATIC Vulnerabilities

Siemens has provided firmware updates addressing vulnerabilities in two popular products lines, the SIMATIC WinCC flexible, and the SIMATIC S7-300 CPU family. The SIMATIC S7-300 flaw is a denial-of-service issue that could be remotely exploited to cause the device to go into defect mode, an...

Red Hat SPICE is vulnerable

Red Hat SPICE is an adaptive telepresence open-source protocol used by Red Hat's Enterprise Virtualized Desktop Edition to connect users to their virtual desktops, providing the exact same end-user experience as a physical desktop. A security vulnerability exists in Red Hat SPICE. The vulnerabili...

Elipse E3 Process Control Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-069-04 Elipse E3 Process Control Vulnerability that was published March 10, 2015, on the NCCIC/ICS-CERT web site. Ivan Sanchez from Nullcode Team has identified a process control vulnerability in the Elipse E3...

ABB HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library used in ABB’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which ABB have begun to integrate. AFFECTE...

Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability

OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...

php: pcntl_exec() accepts paths with NUL character

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

Elipse E3 Process Control Vulnerability

Elipse E3 is the monitoring control and data acquisition system. A process control vulnerability in the Elipse E3 application caused by a third-party DLL can be successfully exploited to cause arbitrary code execution...