134 matches found

BDU FSTEC
added 2022/03/11 12:0 a.m. | 3 views

The vulnerability of the authenticated user authentication mechanism in the Yokogawa CENTUM VP SCADA system allows an intruder to disclose protected information.

The vulnerability of the predefined user authentication mechanism in the Yokogawa CENTUM VP SCADA system is related to deficiencies in the authentication procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose the protected information...

CVSS 2.3 | AI score 5.5
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2022/02/07 12:0 a.m. | 61 views

Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting (CVE-2016-2279)

Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

CVSS 6.1 | AI score 6.5 | EPSS 0.00546
Exploits 5 | References 5

Tenable Nessus
added 2022/02/07 12:0 a.m. | 21 views

ABB Relion 650 and 670 Series Improper Input Validation (CVE-2019-18247)

An attacker may use a specially crafted message to force Relion 650 series versions 1.3.0.5 and prior or Relion 670 series versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior to reboot, which could cause a denial of service. This plugin only works with Tenable.ot. Please visit...

CVSS 7.8 | AI score 7.3 | EPSS 0.00549
Exploits 0 | References 2

IBM Security Bulletins
added 2022/01/12 11:43 p.m. | 87 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Archive Enterprise Edition (CVE-2021-44228)

Summary: A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Archive Enterprise Edition (EE). The below fix package includes Apache Log4j 2.15. Vulnerability Details: CVEID: CVE-2021-44228 DESCRIPTION: Apache...

CVSS 10 | AI score 0.6 | EPSS 0.94358
Exploits 343 | Affected Software 2

IBM Security Bulletins
added 2021/12/17 4:55 a.m. | 102 views

Security Bulletin: Log4JShell Vulnerability affects Watson Knowledge Catalog InstaScan (CVE-2021-44228)

Summary There is a vulnerability in the version of Apache Log4j that was included in Watson Knowledge Catalog InstaScan. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...

CVSS 10 | AI score 1.5 | EPSS 0.94358
Exploits 343 | Affected Software 1

Cvelist
added 2021/11/15 9:30 a.m. | 12 views

CVE-2021-42839 Grand Vice info Co. webopac7 - Arbitrary File Upload

Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services...

CVSS 8.8 | AI score 9.2 | EPSS 0.01628
Exploits 0 | References 1

ICS
added 2021/09/16 12:0 a.m. | 47 views

Schneider Electric EcoStruxure and SCADAPack

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could...

CVSS 9.3 | AI score 8 | EPSS 0.00972
Exploits 0 | References 5

ICS
added 2021/08/17 12:0 a.m. | 61 views

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...

CVSS 5.3 | AI score 5.6 | EPSS 0.00129
Exploits 0 | References 5

ICS
added 2021/07/27 12:0 a.m. | 72 views

LCDS LAquis SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

CVSS 9.3 | AI score 7.7 | EPSS 0.00212
Exploits 0 | References 5

CNVD
added 2021/06/28 12:0 a.m. | 9 views

Logic Flaw Vulnerability in Microplants Industries Access Control Expert System

Shenzhen Weikeng Industrial Co., Ltd. is a professional manufacturer and developer of access control systems, access control equipment and access control software in China. There is a logic flaw vulnerability in Weikeng Industrial's access control expert system, which can be exploited by an...

AI score 7.1
Exploits 0

ICS
added 2021/06/03 12:0 a.m. | 48 views

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

CVSS 9.8 | AI score 8.6 | EPSS 0.00449
Exploits 0 | References 5

CNVD
added 2021/05/29 12:0 a.m. | 1 views

Information Leakage Vulnerability in the Control System of Beijing Zhongke NetWizard Next-Generation Firewall System

Ltd. is a high-tech enterprise specializing in the research, development and sales of network information security products, providing network information security overall solutions and security services. An information leakage vulnerability exists in the control system of Beijing ZKNW Next...

AI score 6.6
Exploits 0

CNVD
added 2021/05/29 12:0 a.m. | 2 views

Weak Password Vulnerability in Control System of ZKNW Next-Generation Firewall

Ltd. is a high-tech enterprise specializing in the research, development and sales of network information security products, providing network information security overall solutions and security services. A weak password vulnerability exists in the control system of ZKNW's next-generation firewal...

AI score 6.8
Exploits 0

Microsoft Secure
added 2021/05/18 4:0 p.m. | 30 views

Mitigate OT security threats with these best practices

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

AI score 7.3
Exploits 0

CNVD
added 2021/05/11 12:0 a.m. | 5 views

SQL Injection Vulnerability in ECS Production, Supply, and Marketing Management and Control Integration System

Ltd. is an Internet software development and system integration enterprise relying on Internet information and Internet of Things (IoT) technology to provide enterprises with complete smart factory solutions. A SQL injection vulnerability exists in Easys' integrated production, supply, and marketin...

AI score 7.5
Exploits 0

ICS
added 2021/04/22 12:0 a.m. | 59 views

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Improper Input Validation, Improper Access Controls 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow code execution in the context of the...

CVSS 7.8 | AI score 8.3 | EPSS 0.00407
Exploits 0 | References 5

ICS
added 2021/04/20 12:0 a.m. | 48 views

Delta Industrial Automation COMMGR

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Delta Industrial Automation Equipment: COMMGR Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution or cause...

CVSS 9.8 | AI score 10 | EPSS 0.0049
Exploits 0 | References 5

ICS
added 2021/04/13 12:0 a.m. | 29 views

Advantech WebAccessSCADA

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

CVSS 9 | AI score 9.2 | EPSS 0.00169
Exploits 0 | References 5

ICS
added 2021/03/16 12:0 a.m. | 90 views

Hitachi ABB Power Grids AFS Series

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: AFS Series Vulnerability: Infinite Loop 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on one of the ports in a HSR ring...

CVSS 6.5 | AI score 6.7 | EPSS 0.00036
Exploits 0 | References 5

ICS
added 2021/02/04 12:0 a.m. | 36 views

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow code execution in the context of the current process. 3. TECHNICAL...

CVSS 7.8 | AI score 7.8 | EPSS 0.00407
Exploits 0 | References 5