2106 matches found
New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to the VirusTotal public malware scanning utility i...
PT-2023-4018 · Siemens · Tecnomatix Plant Simulation
Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0008; Tecnomatix Plant Simulation versions prior to V2302.0002. Description: The issue is related to a stack-based buffer overflow in the affected application when parsing specially crafted SP...
PT-2023-4021 · Siemens · Tecnomatix Plant Simulation
Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation V2201 versions prior to V2201.0008; Tecnomatix Plant Simulation V2302 versions prior to V2302.0002. Description: A type confusion vulnerability has been identified in the affected application while parsing STP files...
PT-2023-4072 · Siemens · Tecnomatix Plant Simulation
Name of the Vulnerable Software and Affected Versions: Tecnomatix Plant Simulation versions prior to V2201.0008; Tecnomatix Plant Simulation versions prior to V2302.0002. Description: The issue is related to a stack-based buffer overflow in the affected application when parsing specially crafted ST...
Zero Trust + Deception: Join This Webinar to Learn How to Outsmart Attackers!
Cybersecurity is constantly evolving, but complexity can give hostile actors an advantage. To stay ahead of current and future attacks, it's essential to simplify and reframe your defenses. Zscaler Deception is a state-of-the-art next-generation deception technology seamlessly integrated with the...
(Pwn2Own) Prosys OPC UA Simulation Server Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of message chunks. By sending a large number ...
Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2023-49821)
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to submit...
Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2023-49823)
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to execute...
Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to remotely...
Rockwell Automation Arena Simulation Software
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Rockwell Automation; Equipment: Arena Simulation Software; Vulnerabilities: Incorrect Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could...
The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of the banking analytics system’s simulation model. This vulnerability allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of a bank analytics system’s simulation model involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
The vulnerability of the SMS Module component of the Oracle Banking Virtual Account Management component of the banking analytics system’s simulation model, Oracle Financial Services Applications, allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the SMS Module component of the Oracle Banking Virtual Account Management component of the banking analytics system’s simulation model, Oracle Financial Services Applications, is related to insufficient validation of entered data. Exploiting this vulnerability could allow an...
CISA Releases Fifteen Industrial Control Systems Advisories
CISA released fifteen Industrial Control Systems (ICS) advisories on May 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-131-01 Siemens Solid Edge; ICSA-23-131-02 Siemens SCALANCE W1750D; ICSA-23-131-03 Siemen...
CVE-2023-29460
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow, potentially resulting in a complete loss of...
CVE-2023-29461
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap, potentially resulting in a complet...
CVE-2023-29462
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap, potentially resulting in a complet...