Weak Password Vulnerability in Tian Yue's O&M Security Gateway (CNVD-2021-58618)
Tian Yue O&M Security Gateway Cloud Fortress Machine is a compliance control system for controlling and auditing user O&M operations in business environments. There is a weak password vulnerability in Tian Yue Operations and Maintenance Security Gateway, which can be exploited by attackers to obta...
Logic Flaw Vulnerability in Microplants Industries Access Control Expert System
Shenzhen Weikeng Industrial Co., Ltd. is a professional manufacturer and developer of access control systems, access control equipment and access control software in China. There is a logic flaw vulnerability in Weikeng Industrial's access control expert system, which can be exploited by an...
Weak password vulnerability in ECMS
Changzhou Ruixin Technology is a manufacturer specializing in remote meter reading, energy consumption monitoring and energy control system construction. There is a weak password vulnerability in ECMS, which can be exploited by attackers to obtain sensitive information...
GitLab Access Control Error Vulnerability (CNVD-2021-40764)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An access control error vulnerability exists in GitLab th...
Command Execution Vulnerability in the Control System of Next-Generation Firewall of Shenzhen Zhongke NetWizard Technology Co. Ltd (CNVD-2021-44000)
ZKNETWORTH's next-generation firewall control system products are based on L2-7 layer access application control, integrating firewall, IPS intrusion detection, DDoS/DOS protection, AV virus protection; realizing comprehensive security protection for intranet, and providing security firewall...
IGSS Definition Buffer Error Vulnerability
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A security vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The vulnerability...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: Missing Authentication for Critical Function, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...
Understanding the threat landscape and risks of OT environments
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...
A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely
Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code...
Information Leakage Vulnerability in the Control System of Beijing Zhongke NetWizard Next-Generation Firewall System
Ltd. is a high-tech enterprise specializing in the research, development and sales of network information security products, providing network information security overall solutions and security services. An information leakage vulnerability exists in the control system of Beijing ZKNW Next...
Weak Password Vulnerability in Control System of ZKNW Next-Generation Firewall
Ltd. is a high-tech enterprise specializing in the research, development and sales of network information security products, providing network information security overall solutions and security services. A weak password vulnerability exists in the control system of ZKNW's next-generation firewal...
Weak Password Vulnerability in ZKNW Security Control System
Ltd. is a national high-tech enterprise, double soft enterprise; the earliest domestic VPN R&D manufacturers, professional network security products R&D manufacturers. A weak password vulnerability exists in the security control system of ZKNW, which can be exploited by attackers to obtain...
Weak Password Vulnerability in Next-Generation Firewall Control System of Beijing Zhongke NetWizard Information Technology Co.
Ltd. is the predecessor of the Chinese Academy of Sciences in 1996 established the "Network Security Studio", is China's earlier engaged in the development of independently controllable network security products and technology enterprises. A weak password vulnerability exists in the control syste...
Mitigate OT security threats with these best practices
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...
ALEA-2021:1813 new module: subversion:1.14
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. This enhancement update adds the subversion:1.14 module to AlmaLinux (BZ1844947). For detail...
new module: subversion:1.14
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. This enhancement update adds the subversion:1.14 module to AlmaLinux (BZ1844947). For detail...
JetBrains WebStorm Local Code Execution Vulnerability
JetBrains WebStorm is a JavaScript integrated development environment from Czech software development company JetBrains. Versions prior to JetBrains WebStorm 2021.1 have a local code execution vulnerability that could be exploited by an attacker to make WebStorm execute local code when pulling co...
SQL Injection Vulnerability in ECS Production, Supply, and Marketing Management and Control Integration System
Ltd. is an Internet software development and system integration enterprise relying on Internet information and Internet of Things (IoT) technology to provide enterprises with complete smart factory solutions. A SQL injection vulnerability exists in Easys' integrated production, supply, and marketin...
CVE-2020-21999
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in the pingTest PHP script...