1577 matches found
Code Execution Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A code execution vulnerability exists in the HOLLiASMACS distributed control system of HOLLiS, which can be exploited by attackers to execute arbitrary code...
Information Disclosure Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An information leakage vulnerability exists in the HOLLiASMACS distributed control system of HOLLiS, which can be exploited by an attacker to obtain a login password...
Permission License Access Control Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A privilege permission access control vulnerability exists in the HOLLiASMACS distributed control system of HOLLiS, which can be exploited by an attacker to overwrite the original password...
Secure Critical Infrastructure Top of Mind for U.S.
When it comes to cyber-threats and defense, the U.S. government says that critical infrastructure threats are a growing concern. Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency NSA, said that while attacks targeting the systems that power the manufacturing,...
[SECURITY] Fedora 28 Update: git-2.17.2-2.fc28
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...
Managing the Risk of IT-OT Convergence
A few years ago, it wasn’t easy getting executives on board with the concept of operational technology OT security. Having finally come around to acknowledging the need for information technology IT security, boards and C-suite executives at industrial enterprises were then faced with the...
git: arbitrary code execution via .gitmodules
An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...
Security Analysis Toolkit for Proprietary Car Protocols: CANalyzat0r
While car manufacturers steadily refine and advance vehicle systems, requirements of the underlying networks increase even further. Striving for smart cars, a fast-growing amount of components are interconnected within a single car. This results in specialized and often proprietary car protocols...
Important: Red Hat Security Advisory: git security update
An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2018-0417
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller WLC Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...
Siemens SIMATIC S7-1200 CPU Family Version 4
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Version 4 Vulnerability: Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is...
GE iFix
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Gigasoft component of iFix Vulnerability: Unsafe ActiveX Control Marked Safe For Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer...
Debian DSA-4311-1 : git - security update
joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules. C Tenable Network Security, Inc. The descriptive text an...
Fuji Electric Alpha5 Smart Loader (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: Alpha5 Smart Loader Vulnerabilities: Classic Buffer Overflow, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2018-2633, CVE-2018-2634, CVE-2018-2603, CVE-2018-2602, CVE-2018-2579)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by Rational Functional Tester. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details If you run your own Java code using the IBM Java...
Ecava IntegraXor Directory Traversal
Overview This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal, published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface HMI product that could all...
ABB NETCADOPS HELP SYSTEM VULNERABILITY
Overview A cross-site scriptinghttp://www.owasp.org/index.php/Cross-siteScriptingXSS vulnerability exists in the system used by the ABB Electrical Distribution Management System DMS product netCADOPS to generate online Help. Affected Products All releases of the ABB netCADOPS product. The ABB...
Beijer Electronics ADP and H-Designer Buffer Overflow Vulnerability
Overview This advisory provides details about a buffer overflow vulnerability in multiple Beijer Electronics ADP and H-designer products. Independent researcher Kuang-Chun Hung of Information and Communication Security Technology Center ICST has identified a buffer overflow vulnerability in Beije...
High-Severity Flaws Patched in Schneider Electric Products
Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221,...
Schneider Electric Modicon M221
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerabilities: Information Management Errors, Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...