PT-2025-28947 · Ruckus · Network Director
Name of the Vulnerable Software and Affected Versions: RUCKUS Network Director versions prior to 4.5
Description: RUCKUS Network Director allows jailed users to obtain root access via a weak, hardcoded password.
Recommendations: Update RUCKUS Network Director to version 4.5 or later...
Emerson Liebert SiteScan XML External Entity Vulnerability
OVERVIEW Researcher Evgeny Ermakov from Kaspersky Lab has identified an XML External Entity (XXE) vulnerability affecting Emerson’s Liebert SiteScan application. Emerson has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
INDAS Web SCADA Path Traversal Vulnerability
OVERVIEW Independent researcher Ehab Hussein of IOActive has identified a path traversal vulnerability in the INDAS Web SCADA application. INDAS has produced new software to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following INDAS Web SCAD...
SearchBlox File Exfiltration Vulnerability
OVERVIEW Oana Murarasu of Ixia has identified a file exfiltration vulnerability in SearchBlox’s web-based proprietary search engine application. SearchBlox has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...
Honeywell Experion PKS Directory Traversal Vulnerability
OVERVIEW Independent researcher Joel Langill identified a directory traversal vulnerability in Honeywell’s Experion PKS application. This vulnerability exists in all unsupported, phased-out versions of the application that are still in use by some customers. Honeywell has recommended users of the...
Innominate mGuard Privilege Escalation Vulnerability
OVERVIEW Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices. Innominate has produced a firmware patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Innominate mGuard...
ICS-CERT Tips for Critical Infrastructure to Avoid Shamoon
Most publicly known malware attacks are disruptive in nature, for example causing the interruption of online banking services or taking websites temporarily offline. Few attacks cause actual physical damage to computers where hard drives are damaged and data lost or destroyed. The Shamoon virus i...
Multiple Vulnerabilities Haunt Long List of PLC Modules
A long list of industrial-control modules manufactured by Schneider Electric and used to control operations at various industrial facilities contain multiple weaknesses and vulnerabilities that could allow an attacker to modify the firmware, log in remotely and run arbitrary code on the vulnerable...