Lucene search
+L

15 matches found

The Hacker News
The Hacker News
added 2025/01/17 2:8 p.m.10 views

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...

9.3CVSS10AI score0.02341EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/12/10 12:0 a.m.7 views

The vulnerability of microprogrammed software in embedded network control controllers for building automation systems, such as ASPECT Enterprise, NEXUS Series, and MATRIX Series, arises from improper validation of certain types of input data. This allows unauthorized access by attackers to the device.

The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper validation of certain types of input data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized acces...

10CVSS5.4AI score0.00449EPSS
Exploits0References2Affected Software4
Trellix
Trellix
added 2022/08/25 12:0 a.m.20 views

A Door Isn’t a Door When It’s Ajar - Part 3

A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/28 11:30 a.m.200 views

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October...

9.8CVSS2.2AI score0.99999EPSS
Exploits63
Prion
Prion
added 2021/11/09 12:15 p.m.23 views

Design/Logic Flaw

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

5CVSS8.2AI score0.01477EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/11/09 11:31 a.m.31 views

CVE-2021-31882

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. The DHCP client application does not validate the length of the Domain Name Server IP options 0x06 when processing DHCP ACK packets. This may lead to...

6.5CVSS8.7AI score0.01476EPSS
Exploits0References6
Microsoft Malware Protection
Microsoft Malware Protection
added 2020/11/23 5:0 p.m.38 views

IoT security: how Microsoft protects Azure Datacenters

Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must...

7.5AI score
Exploits0
ThreatPost
ThreatPost
added 2020/09/25 8:17 p.m.68 views

Industrial Cyberattacks Get Rarer but More Complex

Cyberattacks against the oil and gas industry inched up only slightly compared to the second half of 2019. Security experts say they are encouraged by the anemic growth, but at the same time are expressing concern that attacks are now becoming more potent, targeted and complex. According to new...

0.3AI score
Exploits0References5
HackRead
HackRead
added 2019/01/16 4:27 p.m.21 views

Malware can fully compromise building control systems

By Waqas Enterprise security vendor ForeScout’s operational technology research unit has developed a PoC Proof-of-Concept malware that exposed the vulnerabilities in building automation systems BAS by compromising them due to the presence of two very critical bugs in the BAS's PLC programmable...

1.9AI score
Exploits0
OpenVAS
OpenVAS
added 2018/01/03 12:0 a.m.12 views

Building Automation Systems BAS-Device Web Detection

Detection of running version of Building Automation System device. This script sends an HTTP GET request and tries to ensure the presence of Building Automation System devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2017/08/07 12:0 a.m.1222 views

Niagara Fox (Flexible Object eXchange) Service Detection

A Niagara Fox Flexible Object eXchange service is running at this host. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7AI score
Exploits0References1
Exploit DB
Exploit DB
added 2017/05/01 12:0 a.m.65 views

Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities

''' Security Issues in Alerton Webtalk ================================== Introduction ------------ Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building automation systems. These were discovered during a black bo...

7.4AI score
Exploits0
0day.today
0day.today
added 2017/04/28 12:0 a.m.47 views

Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection Vulnerabilities

Exploit for multiple platform in category web applications Security Issues in Alerton Webtalk ================================== Introduction ------------ Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building...

7.1AI score
Exploits0
Nmap
Nmap
added 2016/09/07 3:49 a.m.367 views

fox-info NSE Script

Tridium Niagara Fox is a protocol used within Building Automation Systems. Based off Billy Rios and Terry McCorkle's work this Nmap NSE will collect information from A Tridium Niagara system. Example Usage nmap --script fox-info.nse -p 1911 Script Output 1911/tcp open Niagara Fox | fox-info: |...

10CVSS9.3AI score0.99448EPSS
Exploits33
ICS
ICS
added 2016/02/06 7:0 a.m.71 views

KMC Controls Conquest BACnet Router Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 5, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified authentication and cross-site request forgery CSRF vulnerabilities in KMC Controls’ Conquest...

8.8CVSS8.5AI score0.01232EPSS
Exploits0References10
Rows per page
Query Builder