42 matches found

Snyk
added 2026/05/29 10:2 p.m. | 7 views

Malicious Package

Overview @clearpool/comms is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2026/04/26 5:35 p.m. | 3 views

MAL-2026-3056 Malicious code in @clearpool/comms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f79c0a598ffe54e6eba22b90afd0c9bbb902c3086178c2ea2a9227e002e399d The package @clearpool/comms was found to contain malicious code. Source: ghsa-malware aac3d8fce06f495311a581ee9a8f6acf42b7ea35162b9a3387ad6040adfef4...

AI score 5.8
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/04/26 5:35 p.m. | 5 views

Malicious code in @clearpool/comms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f79c0a598ffe54e6eba22b90afd0c9bbb902c3086178c2ea2a9227e002e399d The package @clearpool/comms was found to contain malicious code. Source: ghsa-malware aac3d8fce06f495311a581ee9a8f6acf42b7ea35162b9a3387ad6040adfef4...

AI score 5.8
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 9:14 p.m. | 2 views

CVE-2025-53710

Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed...

CVSS 7.5 | AI score 7 | EPSS 0.00046
Exploits: 0 | References: 1

NCSC
added 2025/10/31 9:34 a.m. | 3 views

Vulnerabilities fixed in Rockwell Automation COMMS

Rockwell Automation has fixed vulnerabilities in COMMS NATR systems. The vulnerabilities include multiple broken authentication issues that pose serious risks, including denial-of-service attacks, possible takeovers of admin accounts and improper changes to NAT rules. In addition, there is a Stor...

CVSS 9.9 | AI score 6.2 | EPSS 0.0005
Exploits: 0 | References: 1

CNVD
added 2025/10/17 12:0 a.m. | 2 views

Rockwell Automation Comms-1783-NATR Cross-Site Request Forgery Vulnerability

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to cause a specially crafted link to trick a...

CVSS 7 | AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 1

CNVD
added 2025/10/17 12:0 a.m. | 1 view

Rockwell Automation Comms-1783-NATR Cross-Site Scripting Vulnerability

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR is vulnerable to a cross-site scripting vulnerability that is caused by improper validation of user-supplied input. An attacker could exploit...

CVSS 8.5 | AI score 6.2 | EPSS 0.0001
Exploits: 0 | References: 1

CVE
added 2025/10/14 12:51 p.m. | 9 views

CVE-2025-9178

The CVE-2025-9178 issue affects Rockwell Automation 1715 EtherNet/IP Adapters (notably the 1715-AENTR). It is a denial-of-service vulnerability triggered by crafted CIP payloads in the CIP communications path, which can cause the web server/CIP handling to crash or lose CIP communication, and req...

CVSS 7.7 | AI score 6.3 | EPSS 0.00062
Exploits: 0 | References: 1

CVE
added 2025/10/14 12:48 p.m. | 11 views

CVE-2025-9177

Rockwell Automation 1715 EtherNet/IP Comms Module/Adapter is affected by CVE-2025-9177. A denial-of-service vulnerability arises from a high volume of requests to the device's web server, which can cause the web server to crash. Impact described across sources: requires a power cycle to recover a...

CVSS 7.7 | AI score 6.2 | EPSS 0.00062
Exploits: 0 | References: 1

CVE
added 2025/10/14 12:37 p.m. | 7 views

CVE-2025-7329

CVE-2025-7329 describes a Stored Cross-Site Scripting vulnerability in Rockwell Automation Comms-1783-NATR (industrial Ethernet translation device). The issue arises from missing filtering/encoding of user input, allowing a logged-in administrator to update configuration fields and potentially vi...

CVSS 8.5 | AI score 5.2 | EPSS 0.0001
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/14 12:37 p.m. | 1 view

CVE-2025-7329 Rockwell Automation Comms - 1783-NATR Stored Cross-Site Scripting Vulnerability

A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering and encoding. Successful exploitation...

CVSS 8.5 | AI score 5.2 | EPSS 0.0001
Exploits: 0 | References: 1

Cvelist
added 2025/10/14 12:35 p.m. | 4 views

CVE-2025-7328 Rockwell Automation Comms - 1783-NATR Multiple Broken Authentication Vulnerabilities

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able t...

CVSS 9.9 | EPSS 0.0005
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/14 12:35 p.m. | 1 view

CVE-2025-7328 Rockwell Automation Comms - 1783-NATR Multiple Broken Authentication Vulnerabilities

Multiple Broken Authentication security issues exist in the affected product. The security issues are due to missing authentication checks on critical functions. These could result in potential denial-of-service, admin account takeover, or NAT rule modifications. Devices would no longer be able t...

CVSS 9.9 | AI score 6.6 | EPSS 0.0005
Exploits: 0 | References: 1

CNNVD
added 2025/10/14 12:0 a.m. | 1 view

Rockwell Automation Comms-1783-NATR Security Vulnerability

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. A security vulnerability exists in the Rockwell Automation Comms-1783-NATR that stems from a lack of authentication checks for critical functions and can be exploited by an attacker ...

CVSS 9.9 | AI score 6.8 | EPSS 0.0005
Exploits: 0 | References: 1

CNNVD
added 2025/10/14 12:0 a.m. | 2 views

Rockwell Automation Comms-1783-NATR Security Vulnerability

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to cause a specially crafted link to trick a...

CVSS 7 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-7556

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-7499

Malware in sbrugna...

CVSS 5.4 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 4

Pen Test Partners Blog
added 2024/05/09 5:21 a.m. | 13 views

Pipedream ICS malware toolkit is a nightmare

TL;DR: Malware toolkit specifically designed for attacking ICS; modular and framework based; main features are enumeration, Modbus comms, and HTTP interactions; Operational Technology (OT) network breaches are often due to connected Windows devices; off-network compromise assessments give a strategic vi...

AI score 7.6
Exploits: 0

Openbugbounty
added 2024/02/07 4:31 p.m. | 5 views

claremontcomms.com Cross Site Scripting vulnerability OBB-3850018

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

MSRC
added 2021/10/25 5:4 p.m. | 22 views

We’re Excited to Announce the Launch of Comms Hub!

We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs case managers, attach additional files, track case and bug bounty status all in the Researcher...

AI score 2
Exploits: 0