Lucene search

1576 matches found

CNVD
added 2020/09/09 12:0 a.m. | 2 views

Memory Corruption Vulnerability in Multiple Siemens Products

Siemens SIMATIC WinCC OA Open Architecture is a SCADA system from Siemens, Germany, and a component of the HMI series. The system is mainly used in industries such as rail transportation, building automation and public power supply. Information Server is used to report and visualize process data...

CVSS 9.8 | AI score 6.8 | EPSS 0.02031
Exploits: 0 | References: 1
FireEye
added 2020/08/25 12:0 a.m. | 15 views

A Hands-On Introduction to Mandiant's Approach to OT Red Teaming

Operational technology (OT) asset owners have historically considered red teaming of OT and industrial control system (ICS) networks to be too risky due to the potential for disruptions or adverse impact to production systems. While this mindset has remained largely unchanged for years, Mandiant's...

AI score 0.2
Exploits: 0 | References: 4
ICS
added 2020/08/25 12:0 a.m. | 44 views

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: iView Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code,...

CVSS 9.8 | AI score 10 | EPSS 0.07717
Exploits: 0 | References: 5
BDU FSTEC
added 2020/08/12 12:0 a.m. | 5 views

The vulnerability of the Information Manager component of the distributed ABB System 800xA control system allows an intruder to execute arbitrary code.

The vulnerability of the Information Manager component in the distributed control system ABB System 800xA exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 9.3 | AI score 7.8 | EPSS 0.01669
Exploits: 0 | References: 2 | Affected Software: 1
IBM Security Bulletins
added 2020/08/04 6:26 p.m. | 38 views

Security Bulletin: vulnerabilities in IBM® Runtime Environment Java™ Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 that affect IBM WIoTP MessageGateway Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated...

CVSS 8.3 | AI score 2.2 | EPSS 0.0623
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2020/08/03 12:0 a.m. | 41 views

Debian DLA-2293-1 : mercurial security update

Several vulnerabilities were discovered in mercurial, an easy-to-use, scalable distributed version control system. CVE-2017-17458 In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a...

CVSS 10 | AI score 7.5 | EPSS 0.06331
Exploits: 0 | References: 9
CNVD
added 2020/07/22 12:0 a.m. | 1 views

Directory Traversal Vulnerability in Intelligent Meter Collective Reading Management System of Qingdao Automation Instrumentation Co.

Intelligent meter cluster management system is an industrial control management system that controls statistics and manages some of the data in the energy industry. There is a directory traversal vulnerability in the Intelligent Meter Management System of Qingdao Automation Instrumentation Co.,...

AI score 6.8
Exploits: 0
CNVD
added 2020/07/20 12:0 a.m. | 4 views

ABB IRC5 FTP server Access Control Error Vulnerability

The ABB IRC5 is a robot control system. An Access Control Error vulnerability exists in the ABB IRC5 FTP server, which can be exploited by a remote attacker to submit a specially crafted request for unauthorized access to the system...

CVSS 9.8 | AI score 6.9 | EPSS 0.01476
Exploits: 0 | References: 1
CNVD
added 2020/07/20 12:0 a.m. | 4 views

ABB IRC5 Trust Management Issue Vulnerability

The ABB IRC5 is a robot control system. ABB IRC5 suffers from a trust management issue vulnerability that can be exploited by a remote attacker to submit a special request for unauthorized access to the system...

CVSS 9.8 | AI score 7 | EPSS 0.01424
Exploits: 0 | References: 1
CNVD
added 2020/07/17 12:0 a.m. | 3 views

SAP Disclosure Management Code Issue Vulnerability (CNVD-2020-40777)

SAP Disclosure Management is an automated financial disclosure management system from SAP. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. A code issue vulnerability exists in SAP Disclosure Management, which could be exploited...

CVSS 8.8 | AI score 6.8 | EPSS 0.00634
Exploits: 0 | References: 1
CNVD
added 2020/07/17 12:0 a.m. | 3 views

SAP Disclosure Management Code Issue Vulnerability

SAP Disclosure Management is an automated financial disclosure management system from SAP. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. A code issue vulnerability exists in SAP Disclosure Management. An attacker could exploi...

CVSS 8.8 | AI score 7 | EPSS 0.00586
Exploits: 0 | References: 1
CISA
added 2020/07/03 12:0 a.m. | 35 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...

CVSS 7.8 | AI score 2.5 | EPSS 0.03874
Exploits: 0 | References: 4
CNVD
added 2020/06/22 12:0 a.m. | 9 views

Unspecified Vulnerability in GitLab (CNVD-2021-19404)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in the mirroring logic in...

CVSS 6.5 | AI score 6.3 | EPSS 0.01848
Exploits: 0 | References: 1
BDU FSTEC
added 2020/06/19 12:0 a.m. | 4 views

The vulnerability of the SCADA platform for remote oil and gas applications from Emerson’s OpenEnterprise, related to the improper implementation of authentication mechanisms, allows attackers to trigger a service failure.

The vulnerability of the SCADA platform for remote oil and gas applications from Emerson’s OpenEnterprise platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 10 | AI score 5.9 | EPSS 0.00466
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2020/06/11 12:0 a.m. | 7 views

GitLab Input Validation Error Vulnerability (CNVD-2021-31224)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...

CVSS 5.3 | AI score 6.3 | EPSS 0.01071
Exploits: 0 | References: 1
ICS
added 2020/06/09 12:0 a.m. | 39 views

Advantech WebAccess Node

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application being accessed; a buffer...

CVSS 9.8 | AI score 10 | EPSS 0.02169
Exploits: 0 | References: 5
ICS
added 2020/06/02 12:0 a.m. | 238 views

SWARCO CPU LS4000

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SWARCO TRAFFIC SYSTEMS Equipment: CPU LS4000 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to the device and disturb...

CVSS 10 | AI score 9.7 | EPSS 0.01403
Exploits: 0 | References: 5
BDU FSTEC
added 2020/05/19 12:0 a.m. | 3 views

The vulnerability of the ClientConnection::ReadString function in the VNC client component of the UltraVNC software, which is part of the monitoring, control, and remote maintenance module for commercial cold production equipment of TelevisGo, allows a perpetrator to execute arbitrary code.

The vulnerability of the ClientConnection::ReadString function in the VNC component of the UltraVNC software for remote desktop management systems, which is part of the monitoring, control, and remote maintenance module for commercial cold production equipment like TelevisGo, is related to a...

CVSS 10 | AI score 8.2 | EPSS 0.0392
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2020/05/15 12:0 a.m. | 2 views

SQL Injection Vulnerability in Haiwell's Cloud SCADA Cloud Configuration Software

Haiwell Haiwell cloud configuration software Cloud SCADA is an industrial automation monitoring and management platform software developed by Xiamen Haiwell Technology Co. A SQL injection vulnerability exists in Haiwell Cloud SCADA, which can be exploited by an attacker to obtain sensitive...

AI score 7.7
Exploits: 0
CNVD
added 2020/05/07 12:0 a.m. | 4 views

CloudBees Jenkins CVS Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks. CVS Plugin is used in one of the CVS...

CVSS 4.3 | AI score 6.9 | EPSS 0.44464
Exploits: 0 | References: 1