
1572 matches found

BDU FSTEC
added 2022/06/29 12:0 a.m. · 3 views

The vulnerability of the Data Server database in the interactive graphical SCADA system, allowing an intruder to execute arbitrary code.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS involves copying buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted messages...

CVSS 10 · AI score 8.2 · EPSS 0.01258
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2022/06/29 12:0 a.m. · 3 views

The vulnerability of the Data Server database in the interactive graphical SCADA system allows an intruder to gain access to read, modify, or delete files.

The vulnerability of the Data Server database in the Interactive Graphical SCADA System IGSS is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete files by sending specially crafted messages...

CVSS 9 · AI score 7.7 · EPSS 0.0047
Exploits: 0 · References: 3 · Affected Software: 1
CISA
added 2022/06/22 12:0 a.m. · 23 views

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...

AI score 1.7
Exploits: 0 · References: 19
Positive Technologies
added 2022/06/22 12:0 a.m. · 4 views

PT-2022-3160 · Emerson · Emerson Deltav Distributed Control System

Name of the Vulnerable Software and Affected Versions: Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 Description: The issue is related to the misuse of passwords and the use of hardcoded credentials in the TELNET service on port 18550, which provides...

CVSS 9 · AI score 5.3 · EPSS 0.00226
Exploits: 0 · References: 7
Tenable Nessus
added 2022/06/22 12:0 a.m. · 79 views

Emerson DeltaV Distributed Control System Use of Hard-Coded Credentials (CVE-2022-29962, CVE-2022-29963, CVE-2022-29964, CVE-2022-29965, CVE-2022-30261, CVE-2022-30263, CVE-2022-30266)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

CVSS 5.5 · AI score 5.7 · EPSS 0.00226
Exploits: 0 · References: 10
OSV
added 2022/06/20 8:26 p.m. · 10 views

MAL-2022-454 Malicious code in @nerv-hq/control-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20a7e7877cb0a7188b9fdc4feb0645afa1aa7cd1998ce9a61e3c170eb714cf35 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
Trellix
added 2022/06/09 12:0 a.m. · 16 views

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System By Trellix · June 9, 2022 This story was also written by Steve Povolny and Sam Quinn. Today at the Hardwear.io Security Trainings and Conference, Trellix Threat Labs is sharing new research into...

CVSS 10 · AI score 9.1 · EPSS 0.02323
Exploits: 0
Rockylinux
added 2022/06/08 8:20 a.m. · 34 views

subversion:1.14 security update

An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system...

CVSS 7.5 · AI score 7.9 · EPSS 0.08757
Exploits: 0
BDU FSTEC
added 2022/06/08 12:0 a.m. · 4 views

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software lies in the improper limitation of the path name to the restricted access directory. This allows a malicious actor to load any file into any directory of the file system.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to download any file into any directory of the file system b...

CVSS 9.1 · AI score 7.8 · EPSS 0.01627
Exploits: 0 · References: 7 · Affected Software: 9
BDU FSTEC
added 2022/06/02 12:0 a.m. · 3 views

The vulnerability of the SCADA system “SKADA-NEV” is related to insufficient restrictions on authentication attempts, allowing an intruder to gain access to the user account.

The vulnerability of the SCADA system “SKADA-NEV” is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the user account by force...

CVSS 7.8 · AI score 5.5
Exploits: 0 · Affected Software: 1
CNVD
added 2022/05/27 12:0 a.m. · 20 views

Horner Automation Cscape Csfont Out-of-Bounds Write Vulnerability (CNVD-2022-64133)

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds write vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 5 · EPSS 0.00822
Exploits: 0 · References: 1
CNVD
added 2022/05/27 12:0 a.m. · 26 views

Horner Automation Cscape Csfont Out-of-Bounds Reading Vulnerability

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds read vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 5.1 · EPSS 0.00822
Exploits: 0 · References: 1
CNVD
added 2022/05/27 12:0 a.m. · 20 views

Horner Automation Cscape Csfont Out-of-Bounds Writing Vulnerability

Horner Automation Cscape is a programming software for industrial control system development from Horner Automation, Inc. An out-of-bounds write vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 4.9 · EPSS 0.00801
Exploits: 0 · References: 1
CNVD
added 2022/05/27 12:0 a.m. · 23 views

Horner Automation Cscape Csfont Buffer Overflow Vulnerability

Horner Automation Cscape is a set of programming software for industrial control system development from Horner Automation, Inc. A buffer overflow vulnerability exists in Horner Automation Cscape Csfont, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8 · AI score 6.1 · EPSS 0.00908
Exploits: 0 · References: 1
Gitee
added 2022/05/26 5:31 a.m. · 4 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...

AI score 8
Exploits: 0
ICS
added 2022/05/26 12:0 a.m. · 50 views

Keysight N6854A Geolocation server and N6841A RF Sensor software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2. RISK EVALUATION Successful...

CVSS 10 · AI score 9.7 · EPSS 0.15968
Exploits: 0 · References: 5
Rockylinux
added 2022/05/18 12:11 a.m. · 31 views

subversion security update

An update is available for subversion. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system which enables one or...

CVSS 7.5 · AI score 7.9 · EPSS 0.08757
Exploits: 0
OSV
added 2022/05/16 6:15 p.m. · 1 views

CVE-2021-33021

xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code...

CVSS 6.1 · AI score 5.9 · EPSS 0.00715
Exploits: 0 · References: 1
RedHat Linux
added 2022/05/11 9:36 p.m. · 67 views

Important: Red Hat Security Advisory: subversion:1.10 security update

An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

CVSS 7.5 · AI score 6.9 · EPSS 0.08757
Exploits: 0 · References: 2
CNVD
added 2022/05/11 12:0 a.m. · 11 views

Siemens Desigo PXC and DXR Devices have unspecified vulnerabilities

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

CVSS 6.5 · AI score 0.8 · EPSS 0.0044
Exploits: 0 · References: 1