Lucene search
K

2888 matches found

CISA
CISA
added 2023/07/20 12:0 p.m.10 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...

7AI score
Exploits0References1
Samba
Samba
added 2023/07/19 12:0 a.m.41 views

SMB2 packet signing not enforced

Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a clien...

5.9CVSS6.4AI score0.0039EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.8 views

PT-2023-8786 · Samba +8 · Samba +8

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domai...

9.8CVSS7AI score0.62606EPSS
Exploits5References129
OSV
OSV
added 2023/07/19 12:0 a.m.3 views

UBUNTU-CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.7AI score0.0039EPSS
Exploits0References4
NCSC
NCSC
added 2023/07/18 12:0 a.m.8 views

Vulnerabilities fixed in Zyxel products

Zyxel has fixed vulnerabilities in the firmware of several USG, ATP and VPN products. An unauthenticated malicious person can exploit the vulnerabilities from the LAN side to exploit them to cause a denial-of-service, or to execute commands on the underlying operating system. As far as is known,...

8.8CVSS7.5AI score0.1014EPSS
Exploits2
Citrix
Citrix
added 2023/07/13 12:0 a.m.11 views

MS KB5014754 - Audit events found for FAS

As Per the Microsoft KB linked below, we have found audit events on our domain controllers that indicate we will be impacted when this change is enforced. We need the remediation steps, so we can implement them before we're impacted...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/07/10 12:0 a.m.4 views

The vulnerability of the microprogramming software used in STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 programmable logic controllers allows a intruder to execute arbitrary code.

The vulnerability of Yokogawa STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 controllers is related to the use of rigidly encoded account data. Exploiting this vulnerability allows a malicious actor, who has not undergone identity verification, to execute arbitrary commands...

10CVSS8.1AI score0.06939EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/07/04 12:0 a.m.6 views

The vulnerability of motion controllers and motion control systems like SIMOTION allows a intruder to disclose the protected information.

The vulnerability of SIMOTION motion controllers and motion control systems lies in the lack of protection for mission-critical data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

4.9CVSS5.7AI score0.00276EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/06/29 12:0 a.m.17 views

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

7.5CVSS7.4AI score0.01379EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/06/28 12:0 a.m.8 views

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow attackers to induce malfunctions in the equipment.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to the...

6.8CVSS7.3AI score0.00832EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/06/28 12:0 a.m.8 views

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow a hacker to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to reading...

6.8CVSS7.2AI score0.00832EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.6 views

The vulnerability of microprogramming software for logic controllers used in building and facility management systems from Schneider Electric—such as spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk—is related to the lack of protective measures for the website structure. This allows attackers to execute arbitrary code.

The vulnerability of microprogramming software for logic controllers used in building and facility management by Schneider Electric, such as spaceLYnk and Wiser for KNX formerly homeLYnk and fellerLYnk, is related to the lack of measures taken to protect the website structure. Exploiting this...

9.3CVSS6.7AI score0.00604EPSS
Exploits0References3Affected Software3
Kitploit
Kitploit
added 2023/06/24 12:30 p.m.23 views

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

7.3AI score
Exploits0References4
NVD
NVD
added 2023/06/21 8:15 p.m.25 views

CVE-2023-0971

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered...

9.6CVSS9.5AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2023/06/21 7:42 p.m.38 views

CVE-2023-0971

SiLabs Z/IP Gateway SDK 7.18.02 and earlier are affected by a logic error that allows authentication bypass, enabling remote administration of Z‑Wave controllers and recovery of S0/S2 encryption keys. The Red Hat/NVD/CVE entries corroborate this description, with no exploitation details provided ...

9.6CVSS9.2AI score0.0025EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2023/06/20 7:8 p.m.5 views

Researchers Expose New Severe Flaws in Wago and Schneider Electric OT Products

Three security vulnerabilities have been disclosed in operational technology OT products from Wago and Schneider Electric. The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL , which now comprises a total of 61 issues spanning 13 different vendors...

9.8CVSS7.1AI score0.0085EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.5 views

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to deficiencies in the validation of user-input data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of Rockwell Automation’s ArmorStart ST engine controllers is related to deficiencies in the validation of user input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...

7.5CVSS6.8AI score0.0049EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.4 views

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to insufficient validation of input data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...

5.9CVSS5.9AI score0.0062EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.7 views

PT-2023-3435 · Wago · Wago

Name of the Vulnerable Software and Affected Versions: WAGO devices affected versions not specified Description: The issue is related to insufficient input validation in the software of WAGO programmable logic controllers, which may allow an authenticated remote attacker with high privileges to...

6.1CVSS6.8AI score0.00787EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.6 views

PT-2023-3455 · Wago · Wago 750

Name of the Vulnerable Software and Affected Versions: WAGO 750 versions affected versions not specified Description: The issue is related to insufficient input validation in the software of WAGO 750 programmable logic controllers. It may allow a remote attacker to cause a denial of service using...

6.1CVSS6.7AI score0.0085EPSS
Exploits0References5
Rows per page
Query Builder