268 matches found
Motorola MOSCAD SCADA IP Gateway Vulnerabilities
OVERVIEW Independent researcher Aditya K. Sood has identified Remote File Inclusion (RFI) and Cross-Site Request Forgery (CSRF) vulnerabilities in Motorola Solutions’ MOSCAD IP Gateway. Motorola Solutions has confirmed this product was cancelled at the end of 2012 and no longer offers software updates...
Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway
The parade of easily exploitable, critical vulnerabilities in ICS software shows no signs of ending anytime soon, with the latest entrant being two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway that allow unauthenticated remote access to the device’s FTP server and configuration...
Siemens SIMATIC HMI Devices Vulnerabilities (Update E)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-099-01D Siemens SIMATIC HMI Devices Vulnerabilities that was published September 10, 2015, on the NCCIC/ICS‑CERT web site. Siemens has identified three vulnerabilities in its SIMATIC HMI devices. These...
Ecava IntegraXor Buffer Overflow Vulnerability
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-14-015-01 Ecava IntegraXor Buffer Overflow Vulnerability that was published January 15, 2014, on the NCCIC/ICS-CERT Web site. Independent researcher Luigi Auriemma identified a buffer overflow vulnerability in the Ecava IntegraXo...
7T Interactive Graphical SCADA System 'dc.exe' Command Injection Vulnerability
7T Interactive Graphical SCADA System is prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CoDeSys SCADA 2.3 - Remote Exploit
No description provided by source. / See Also: http://aluigi.altervista.org/adv/codesys1-adv.txt CoDeSys v2.3 Industrial Control System Development Software Remote Buffer Overflow Exploit for CoDeSys Scada webserver Author : Celil UNUVER, SignalSEC Labs www.signalsec.com Tested on WinXP SP1 EN TH...
Interactive Graphical SCADA System Remote Command Injection
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp def initialize(info =...
DATAC RealWin SCADA 1.06 - Buffer Overflow Exploit
No description provided by source. Exploit Title: RealWin SCADA System SEH Overwrite Date: 10-27-10 Author: Blake Software Link: http://www.realflex.com/products/realwin/realwin.php Version: 1.06 Tested on: Windows XP SP3 running in VMware Workstation rfx import socket, sys if len(sys.argv) != 3:...
Interactive Graphical SCADA System - Remote Command Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Interactive Graphical SCADA System Remote Command Injection', 'Description' = %q This module abuses a directory traversal flaw in...
Interactive Graphical SCADA System Remote Command Injection
This module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands. This module requires Metasploit:...
Bug Bounty to Reward Researchers with Redeemable Points
IntegraXor, a manufacturer of supervisory control and data acquisition (SCADA) equipment, announced last week that it would implement a bug bounty program offering points redeemable for company services to researchers that disclose security vulnerabilities in their IGX SCADA system. In most bug...
Kelihos Update Includes New TLD and USB Infection Capabilities
There’s a little Michael Myers in the Kelihos botnet; maim it, kill it and it keeps on coming back to wreak more havoc. The 2011 takedown of the Kelihos botnet was one of Microsoft’s high-profile success stories against spambots and the like, yet Kelihos was back for more at the start of 2012 usi...
Siemens SIMATIC WinCC Flexible SCADA Runtime Stack Buffer Overflow
A stack buffer overflow vulnerability has been reported in Siemens SIMATIC WinCC Flexible...
7T-IGSS Server Login Attempt Detected (SCADA)
Binary data 6323.prm...
Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability
This host is installed with Interactive Graphical SCADA System and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gbigssdllcodeexecutionvuln.nasl 5940 2017-04-12 09:02:05Z teissa $ Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability...
CVE-2011-4053
Untrusted search path vulnerability in 7-Technologies 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory...
Buffer overflow
Buffer overflow in 7-Technologies 7T Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401...
Buffer overflow
Multiple buffer overflows in 7-Technologies 7T Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399...
CVE-2011-4050
The CVE-2011-4050 issue affects 7-Technologies IGSS Data Server (IGSSdataServer.exe) in IGSS 9.x. A buffer overflow in the server, caused by handling of file/packet data, can be triggered remotely by sending a crafted TCP packet to port 12401, leading to a remote denial of service. Public referen...
7T Interactive Graphical SCADA System (IGSS) Directory Traversal (CVE-2011-1565)
A directory traversal vulnerability has been reported in 7T Interactive Graphical SCADA System (IGSS). 7-Technologies' IGSS is a Supervisory Control and Data Acquisition (SCADA) system used for monitoring and controlling industrial processes. A remote attacker may exploit this vulnerability to read a...