
1577 matches found

CNVD
added 2018/12/26 12:0 a.m. (2 views)

Code Execution Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A code execution vulnerability exists in the HOLLiAS_MACS distributed control system of HOLLiS, which can be exploited by attackers to execute arbitrary code...

AI score: 8
Exploits: 0

CNVD
added 2018/12/26 12:0 a.m. (2 views)

Information Disclosure Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An information leakage vulnerability exists in the HOLLiAS_MACS distributed control system of HOLLiS, which can be exploited by an attacker to obtain a login password...

AI score: 6.6
Exploits: 0

CNVD
added 2018/12/26 12:0 a.m. (4 views)

Permission License Access Control Vulnerability in HOLLiAS_MACS Distributed Control System by HOLLiAS

HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A privilege permission access control vulnerability exists in the HOLLiAS_MACS distributed control system of HOLLiS, which can be exploited by an attacker to overwrite the original password...

AI score: 6.9
Exploits: 0

ThreatPost
added 2018/12/13 5:52 p.m. (11 views)

Secure Critical Infrastructure Top of Mind for U.S.

When it comes to cyber-threats and defense, the U.S. government says that critical infrastructure threats are a growing concern. Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing,...

AI score: 0.4
Exploits: 0, References: 8

Fedora
added 2018/11/28 2:46 a.m. (42 views)

[SECURITY] Fedora 28 Update: git-2.17.2-2.fc28

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

CVSS: 9.8, AI score: 2.4, EPSS: 0.97356
Exploits: 20

ThreatPost
added 2018/11/15 5:34 p.m. (12 views)

Managing the Risk of IT-OT Convergence

A few years ago, it wasn’t easy getting executives on board with the concept of operational technology (OT) security. Having finally come around to acknowledging the need for information technology (IT) security, boards and C-suite executives at industrial enterprises were then faced with the...

AI score: 0.4
Exploits: 0

RedHat Linux
added 2018/11/13 2:41 a.m. (4 views)

git: arbitrary code execution via .gitmodules

An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine...

CVSS: 9.8, AI score: 7.5, EPSS: 0.97356
Exploits: 12, References: 4

n0where
added 2018/11/08 4:24 a.m. (70 views)

Security Analysis Toolkit for Proprietary Car Protocols: CANalyzat0r

While car manufacturers steadily refine and advance vehicle systems, requirements of the underlying networks increase even further. Striving for smart cars, a fast-growing amount of components are interconnected within a single car. This results in specialized and often proprietary car protocols...

Exploits: 0, References: 1

RedHat Linux
added 2018/10/30 5:8 p.m. (371 views)

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS: 9.8, AI score: 7.2, EPSS: 0.97356
Exploits: 12, References: 2

OSV
added 2018/10/17 10:29 p.m. (3 views)

CVE-2018-0417

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific...

CVSS: 7.8, AI score: 5.9, EPSS: 0.03163
Exploits: 0, References: 3

ICS
added 2018/10/09 12:0 a.m. (583 views)

Siemens SIMATIC S7-1200 CPU Family Version 4

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Version 4 Vulnerability: Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is...

CVSS: 7.3, AI score: 7.6, EPSS: 0.00626
Exploits: 0, References: 9

ICS
added 2018/10/09 12:0 a.m. (524 views)

GE iFix

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Gigasoft component of iFix Vulnerability: Unsafe ActiveX Control Marked Safe For Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer...

CVSS: 4.8, AI score: 5.7, EPSS: 0.00304
Exploits: 0, References: 5

Tenable Nessus
added 2018/10/09 12:0 a.m. (38 views)

Debian DSA-4311-1 : git - security update

joernchen of Phenoelit discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability via a specially crafted .gitmodules file in a project cloned with --recurse-submodules. (C) Tenable Network Security, Inc. The descriptive text an...

CVSS: 9.8, AI score: 7.1, EPSS: 0.97356
Exploits: 12, References: 4

ICS
added 2018/09/27 12:0 a.m. (513 views)

Fuji Electric Alpha5 Smart Loader (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: Alpha5 Smart Loader Vulnerabilities: Classic Buffer Overflow, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...

CVSS: 5.3, AI score: 8.1, EPSS: 0.01395
Exploits: 0, References: 5

IBM Security Bulletins
added 2018/09/17 1:44 p.m. (25 views)

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2018-2633, CVE-2018-2634, CVE-2018-2603, CVE-2018-2602, CVE-2018-2579)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by Rational Functional Tester. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Vulnerability Details If you run your own Java code using the IBM Java...

CVSS: 8.3, AI score: 1.3, EPSS: 0.06905
Exploits: 0, Affected Software: 1

ICS
added 2018/09/06 12:0 p.m. (23 views)

Ecava IntegraXor Directory Traversal

Overview This advisory is a follow-up to ICS-ALERT-10-355-01 - Ecava IntegraXor Directory Traversal, published on the ICS-CERT Web page on December 21, 2010. ICS-CERT has become aware of a directory traversal vulnerability in the Ecava IntegraXor Human-Machine Interface (HMI) product that could all...

AI score: 7.3
Exploits: 0, References: 19

ICS
added 2018/09/06 12:0 p.m. (73 views)

ABB NETCADOPS HELP SYSTEM VULNERABILITY

Overview A cross-site scripting (http://www.owasp.org/index.php/Cross-siteScriptingXSS) vulnerability exists in the system used by the ABB Electrical Distribution Management System (DMS) product netCADOPS to generate online Help. Affected Products All releases of the ABB netCADOPS product. The ABB...

AI score: 7
Exploits: 0, References: 17

ICS
added 2018/09/05 12:0 p.m. (52 views)

Beijer Electronics ADP and H-Designer Buffer Overflow Vulnerability

Overview This advisory provides details about a buffer overflow vulnerability in multiple Beijer Electronics ADP and H-designer products. Independent researcher Kuang-Chun Hung of Information and Communication Security Technology Center (ICST) has identified a buffer overflow vulnerability in Beije...

AI score: 8.6
Exploits: 0, References: 17

ThreatPost
added 2018/08/29 5:55 p.m. (25 views)

High-Severity Flaws Patched in Schneider Electric Products

Schneider Electric has released fixes for a slew of vulnerabilities that can be exploited remotely in two of its industrial control system products. The two flaws, which exist in Schneider Electric’s power management system, PowerLogic PM5560, and its programmable logic controller, Modicon M221,...

CVSS: 7.5, AI score: 2.2, EPSS: 0.02478
Exploits: 0, References: 4

ICS
added 2018/08/28 12:0 a.m. (164 views)

Schneider Electric Modicon M221

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerabilities: Information Management Errors, Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02478
Exploits: 0, References: 5