Lucene search
K

101 matches found

CVE
CVE
added 2020/04/22 2:18 p.m.72 views

CVE-2020-8474

CVE-2020-8474 concerns ABB System 800xA Base, where an incorrect permission assignment allows low-privilege users to read/modify registry settings that control system functionality. The vulnerability can be exploited by an authenticated user with local access to cause system functions to stop or ...

7.8CVSS7.4AI score0.00285EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2020/03/26 12:0 a.m.52 views

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1...

8.8CVSS9.3AI score0.02123EPSS
Exploits0References5
ICS
ICS
added 2020/02/20 12:0 a.m.82 views

ICSA-20-051-01_B&R Automation Studio and Automation Runtime

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Industrial Automation GmbH Equipment: Automation Studio and Automation Runtime Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a...

9.4CVSS9.4AI score0.0165EPSS
Exploits0References2
ICS
ICS
added 2020/02/13 12:0 a.m.73 views

Schneider Electric Magelis HMI Panels

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Magelis HMI Panel Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

6.5CVSS6.8AI score0.01049EPSS
Exploits1References5
ICS
ICS
added 2020/02/13 12:0 a.m.92 views

Schneider Electric Modicon Ethernet Serial RTU

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon BMXNOR0200H Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Access Control 2. RISK EVALUATION Successful exploitation of these...

8.8CVSS9AI score0.02084EPSS
Exploits0References5
ICS
ICS
added 2019/11/26 12:0 a.m.36 views

ABB Relion 670 Series

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Relion 670 Series Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device. 3...

10CVSS9.2AI score0.0198EPSS
Exploits0References5
ICS
ICS
added 2019/09/17 12:0 a.m.196 views

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Advantech Equipment : WebAccess Vulnerabilities : Code Injection, Command Injection, Stack-based Buffer Overflow, Improper Authorization 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS10AI score0.02863EPSS
Exploits0References5
ICS
ICS
added 2019/08/01 12:0 a.m.140 views

3S-Smart Software Solutions GmbH CODESYS V3 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-213-04...

8.8CVSS8.8AI score0.00303EPSS
Exploits0References5
ICS
ICS
added 2019/06/11 12:0 a.m.87 views

ICSA-19-162-01 Siemens Siveillance VMS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siveillance VMS Vulnerabilities: Improper Authorization, Incorrect User Management, Missing Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS8.5AI score0.01667EPSS
Exploits0References9
ICS
ICS
added 2019/03/05 12:0 a.m.118 views

Rockwell Automation RSLinx Classic

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute...

9.8CVSS9.8AI score0.50031EPSS
Exploits0References5
ICS
ICS
added 2018/10/09 12:0 a.m.585 views

Siemens SIMATIC S7-1200 CPU Family Version 4

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Version 4 Vulnerability: Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is...

7.3CVSS7.6AI score0.00626EPSS
Exploits0References9
ICS
ICS
added 2018/09/06 12:0 p.m.24 views

Ecava IntegraXor Directory Traversal

Overview This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal, published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface HMI product that could all...

7.3AI score
Exploits0References19
ICS
ICS
added 2018/09/06 12:0 p.m.74 views

ABB NETCADOPS HELP SYSTEM VULNERABILITY

Overview A cross-site scriptinghttp://www.owasp.org/index.php/Cross-siteScriptingXSS vulnerability exists in the system used by the ABB Electrical Distribution Management System DMS product netCADOPS to generate online Help. Affected Products All releases of the ABB netCADOPS product. The ABB...

7AI score
Exploits0References17
ICS
ICS
added 2018/07/12 12:0 a.m.35 views

Eaton 9000X Drive

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Exploitable remotely Vendor: Eaton Equipment: 9000X Drive Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

9.8CVSS10AI score0.06838EPSS
Exploits0References5
ICS
ICS
added 2018/05/17 12:0 a.m.265 views

GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : GE Equipment : PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

7.8CVSS7.8AI score0.03474EPSS
Exploits0References5
ICS
ICS
added 2017/06/13 12:0 a.m.52 views

OSIsoft PI Server 2017

CVSS v3 8.9 ATTENTION: Remotely exploitable. Vendor: OSIsoft Equipment: PI Server 2017 Vulnerabilities: Improper Authentication AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Server products: PI Data Archive versions prior to 2017. IMPACT Successful exploitatio...

7.4CVSS6.9AI score0.02147EPSS
Exploits0References3
ICS
ICS
added 2015/09/10 6:0 a.m.46 views

LOYTEC Router Information Exposure Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a password file vulnerability in LOYTEC’s LIP-3ECTB routers. LOYTEC has produced a firmware update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following LOYTEC routers are affected:...

10CVSS7AI score0.02338EPSS
Exploits0References10
ICS
ICS
added 2014/10/19 6:0 a.m.43 views

Ecava IntegraXor Buffer Overflow Vulnerability

OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-14-015-01 Ecava IntegraXor Buffer Overflow Vulnerability that was published January 15, 2014, on the NCCIC/ICS-CERT Web site. Independent researcher Luigi Auriemma identified a buffer overflow vulnerability in the Ecava IntegraXo...

7.8CVSS7.1AI score0.02518EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2011/09/26 7:30 p.m.16 views

DHS Thinks Some SCADA Problems Are Too Big To Call "Bug"

The Stuxnet worm may be the most famous piece of malicious software ever written. When it was first detected, a little over a year ago, the worm sounded a warning to nations around the world that critical infrastructure systems were potential targets of attack for foreign governments and cyber...

Exploits0References6
ICS
ICS
added 2011/08/13 6:0 a.m.56 views

Safenet Sentinel and 7-T Input Sanitization Vulnerability

Overview ICS-CERT originally released advisory ICSA-11-314-01P on the US-CERT secure portal on November 14, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher Carlos Mario Penagos Hollman of Synapse-labs has identified an input...

4.3CVSS6.1AI score0.01457EPSS
Exploits0References10
Rows per page
Query Builder