Lucene search
K

31 matches found

ICS
ICS
added 2024/09/10 6:0 a.m.41 views

Viessmann Climate Solutions SE Vitogate 300

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Viessmann Climate Solutions SE Equipment : Vitogate 300 Vulnerabilities : Use of Hard-coded Credentials, Forced Browsing, Command Injection 2. RISK EVALUATION...

9.8CVSS9.7AI score0.74697EPSS
Exploits5References10
The Hacker News
The Hacker News
added 2024/08/29 11:5 a.m.86 views

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 CVSS score: 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...

10CVSS9.1AI score0.99975EPSS
Exploits13
ICS
ICS
added 2024/06/20 6:0 a.m.23 views

CAREL Boss-Mini

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

9.8CVSS9.1AI score0.75206EPSS
Exploits6References10
hivepro
hivepro
added 2023/11/20 8:17 a.m.10 views

Scattered Spider Cyber Threat Key Findings and Security Measures

Summary: A cybercriminal group, Scattered Spider, known for targeting commercial facilities, highlighting their evolving tactics, social engineering expertise, phishing, and SIM swap attacks, evolving techniques like file encryption post-exfiltration to maintain persistence and adapt to security...

7.3AI score
Exploits0
CISA
CISA
added 2023/11/16 12:0 p.m.8 views

FBI and CISA Release Advisory on Scattered Spider Group

Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released a joint Cybersecurity Advisory CSA on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and...

7.2AI score
Exploits0References3
ICS
ICS
added 2023/11/16 12:0 p.m.114 views

Scattered Spider

SUMMARY The Federal Bureau of Investigation FBI and Cybersecurity and Infrastructure Security Agency CISA are releasing this joint Cybersecurity Advisory CSA in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory...

10AI score
Exploits0References134
ICS
ICS
added 2023/11/14 12:0 a.m.60 views

Siemens Desigo CC product family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.8AI score0.33304EPSS
Exploits2References10
ICS
ICS
added 2023/10/26 6:0 a.m.37 views

Centralite Pearl Thermostat

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Centralite Equipment : Pearl Thermostat Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

7.5CVSS7.7AI score0.00635EPSS
Exploits0References8
ICS
ICS
added 2021/12/02 12:0 a.m.44 views

Schneider Electric SESU

1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...

3.8CVSS4.8AI score0.00237EPSS
Exploits0References4
ICS
ICS
added 2021/07/01 12:0 a.m.46 views

Mitsubishi Electric Air Conditioning Systems

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple Air Conditioning Systems Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability may...

8.5CVSS8.2AI score0.01781EPSS
Exploits0References5
ICS
ICS
added 2021/04/15 12:0 a.m.60 views

Schneider Electric C-Bus Toolkit

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code...

8.8CVSS8.3AI score0.40582EPSS
Exploits1References5
ICS
ICS
added 2021/03/09 12:0 a.m.82 views

Siemens LOGO! 8 BM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References10
ICS
ICS
added 2021/01/05 12:0 a.m.91 views

Schneider Electric Web Server on Modicon M340

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Classic Buffer Overflow 2. RISK...

8.8CVSS9.5AI score0.01087EPSS
Exploits0References5
ICS
ICS
added 2020/09/10 12:0 a.m.38 views

HMS Networks Ewon Flexy and Cosy

1. EXECUTIVE SUMMARY CVSS v3 2.3 ATTENTION: Low skill level to exploit Vendor: HMS Networks Equipment: Ewon Flexy and Cosy Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to retrieve...

2.3CVSS4AI score0.0034EPSS
Exploits0References5
ICS
ICS
added 2020/06/25 12:0 a.m.99 views

ENTTEC Lighting Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control...

10CVSS8.5AI score0.02016EPSS
Exploits4References5
ICS
ICS
added 2020/05/21 12:0 a.m.67 views

Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Software House C•CURE 9000 and American Dynamics victor Video Management System Vulnerability: Cleartext Storage of...

9.9CVSS7.7AI score0.0099EPSS
Exploits0References5
ICS
ICS
added 2020/03/03 12:0 a.m.73 views

ICSA-20-063-02_PHOENIX CONTACT Emalytics Controller ILC

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Emalytics Controller ILC 2050 BIL Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.4CVSS9.5AI score0.01846EPSS
Exploits0References2
ICS
ICS
added 2020/02/13 12:0 a.m.92 views

Schneider Electric Modicon Ethernet Serial RTU

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon BMXNOR0200H Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Access Control 2. RISK EVALUATION Successful exploitation of these...

8.8CVSS9AI score0.02084EPSS
Exploits0References5
ICS
ICS
added 2019/06/04 12:0 a.m.199 views

PHOENIX CONTACT PLCNext AXC F 2152

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: PLCNext AXC F 2152 Vulnerabilities: Key Management Errors, Improper Access Control, Man-in-the-Middle, Using Component with Known Vulnerabilities 2. RISK EVALUATION...

7.1CVSS6.6AI score0.01581EPSS
Exploits0References6
ICS
ICS
added 2018/12/20 12:0 a.m.126 views

Schneider Electric EcoStruxure

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to...

6.1CVSS6.6AI score0.00755EPSS
Exploits0References5
Rows per page
Query Builder