32 matches found
EUVD-2025-5062
Malicious code in bioql PyPI...
EUVD-2025-5063
Malicious code in bioql PyPI...
EUVD-2025-13263
Malicious code in bioql PyPI...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...
The vulnerability of the web application for the basic configuration of devices under Revolution Pi OS, specifically the Bullseye device, is related to deficiencies in the authentication process. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the web application for the basic configuration of devices under the Revolution Pi OS operating system, Bullseye, is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and...
KUNBUS Revolution Pi 代码问题漏洞
KUNBUS Revolution Pi is an open, modular and cost-effective Raspberry Pi based industrial PC from KUNBUS. A code issue vulnerability exists in the KUNBUS Revolution Pi that stems from a type conversion error that could lead to authentication bypass...
RCEs and more in the KUNBUS GmbH Revolution Pi PLC
TL;DR Four new vulnerabilities in the Revolution Pi industrial PLCs Two give unauthenticated attackers RCE—potentially a direct impact on safety and operations Documentation and firmware is public, meaning greater oversight and better security in the long run KUNBUS’ PSIRT and CISA were great at...
CVE-2025-24522
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-24522
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...
CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...
CVE-2025-24522
CVE-2025-24522 affects KUNBUS Revolution Pi OS Bookworm 01/2025 where Node-RED authentication is not configured by default. An unauthenticated remote attacker can gain full access to the Node-RED server and execute arbitrary OS commands (impacting PLC control). Connected sources describe the root...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-121-01 KUNBUS GmbH Revolution Pi ICSMA-25-121-01 MicroDicom DICOM Viewer CISA encourages...
PT-2025-18781 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: IntelR TiberTM Edge Platform Edge Orchestrator versions prior to 24.11.1 Description: A protection mechanism failure exists in some Edge Orchestrator software. An authenticated user may be able to enable a denial of service via adjacent acces...
KUNBUS Revolution Pi OS Bookworm 安全漏洞
KUNBUS Revolution Pi OS Bookworm is an industrial-grade real-time operating system based on Debian Bookworm from KUNBUS. A security vulnerability exists in KUNBUS Revolution Pi OS Bookworm 01/2025 that stems from the Node-RED server not being configured for authentication by default, which could...
PT-2025-18782 · Undefined · Undefined
@CISAgov 2/8 🏭 Revolution Pi vulnerability details: The industrial IoT platform has THREE critical flaws CVE-2025-24522, CVE-2025-24523, CVE-2025-24524 with CVSS scores up to 10.0! These affect Node-RED and PiCtory components widely used in manufacturing, energy, and water sectors...