Trane多款产品 安全漏洞

Trane Tracer SC, etc., are products of the Australian company Trane. Trane Tracer SC+ is a building controller that combines centralized monitoring and automated management capabilities. Trane Tracer Concierge is a building management software designed to monitor and manage the operating status o...

Siemens OZW672 操作系统命令注入漏洞

The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...

Honeywell Alerton Ascent Control Module 安全漏洞

The Honeywell Alerton Ascent Control Module is a high performance, BACnet-compliant, integrated building controller and router from USAHoneywell. It can support BACnet/Ethernet, BACnet/IP and BACnet/MSTP. A security vulnerability exists in Honeywell Alerton Ascent Control Module ACM versions...

多款Siemens产品安全漏洞

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vulnerability

Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...

Delta Controls enteliTOUCH 3.40.3935 Cross-Site Request Forgery (CSRF)

Summary enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for...

Siemens APOGEE MBC 缓冲区错误漏洞

Siemens APOGEE MBC is a modular building controller from Siemens Germany. A buffer overflow vulnerability exists in several Siemens APOGEE MBC products, which can be exploited by remote, unauthenticated attackers to execute arbitrary code on the device with root privileges...

Reliable Controls® MACH-ProWebCom™ 未授权访问信息泄露

MACH-ProWebCom™ 是一个功能强大内置网络服务器完全可自由编程的BACnet® 楼宇控制器。可以快速方便地同 Reliable Controls® MACH-ProWebCom™ 将楼宇自控系统发布到网络上。 MACH-ProWebCom™ Web 服务存在未授权访问，可以下载服务配置等敏感信息 MACH-ProWebCom™, a fully programmable BACnet® Building Controller with a powerful, built-in Web server.It can post your building graphics to t...

Siemens OZW672 and OZW772 Man-in-the-Middle Attack Vulnerabilities

Siemens OZW672 and OZW772 are both building controller products from Siemens, Germany. A man-in-the-middle attack vulnerability exists in the Siemens OZW672 and OZW772. This allows an attacker to read and manipulate data in a TLS session while performing a man-in-the-middle MITM attack...

Siemens OZW672 and OZW772 Cross-Site Scripting Vulnerabilities

Siemens OZW672 and OZW772 are both building controller products from Siemens, Germany. A cross-site scripting vulnerability exists in the Siemens OZW672 and OZW772 devices. A remote attacker could exploit the vulnerability to alter data and settings...