EUVD-2026-32001

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

EUVD-2026-31998

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

PT-2026-5910

GreyNoise сообщает о детектировании скоординированной разведывательной кампании, нацеленной на инфраструктуру Citrix NetScaler, в которой задействовались десятки тысяч резидентных прокси-серверов для выявления панелей авторизации. Активность наблюдалась в период с 28 января по 2 февраля и также...

EUVD-2020-10673

Malware in sbrugna...

EUVD-2007-3663

Malware in sbrugna...

EUVD-2019-7837

Malware in sbrugna...

EUVD-2020-10676

Malware in sbrugna...

NetScaler-13.1-EPA scan failed with "Error while parsing client security configuration"

EPA scan failed with "Error while parsing client security configuration" in EPA log. ---------------------------- 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | token: |^M 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | Policy MACADDRanyofF8BXXXXXX28A returned 2004 |^M...

CVE-2020-18759

An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100...

CVE-2020-18756

An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area...

CVE-2019-17446

An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations scanning, can be used to start external programs with elevated permissions because of an Untrusted Search Path...

EPA Client Removed When Workspace App is Upgraded from 2402 to 2402 CU1

Endpoints have Workspace app 2402 installed along with EPA Client Endpoints have been upgraded to Workspace app 2402 CU1 After upgrade, the EPA client has been removed...

Cybersecurity Flaws in US Drinking Water Systems Put 26 Million at Risk

The U.S. Environmental Protection Agency EPA Report Exposes Cybersecurity Risks in US Water Systems: Vulnerabilities in Critical Drinking…...

[NetScaler-AAA] MAC address EPA scan on macOS 15 may fail

If you have EPA policies to scan Gateway clients MAC address, it may fail after end users upgrading macOS to version 15. Log says, the MAC address predefined in EPA policy cannot be found. Log sample: 2024-09-26 15:54:30 Epa Failed2024-09-26 15:54:30 Case ID : 9fc302024-09-26 15:54:30 Epa log msg...

CISA is warning us (again) about the threat to critical infrastructure networks

Government-run water systems and other critical infrastructure are still at risk from state-sponsored actors, according to a renewed warning from the U.S. Cybersecurity and Infrastructure Security Agency. CISA released an advisory last week on the matter of days after a small water treatment...

Citrix ADC - EPA Scans failing after library upgrade for CWA version check

EPA libraries from Jan 18 OPSWAT version 4.3.3906.0 failing EPA checks for CWA version. If the EPA library version is downgraded to the Nov 2023 libraries OPSWATversion 4.3.3801.0, EPA check is working as expected...

U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

The U.S. Environmental Protection Agency EPA said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the...

How to check installed EPA library checksum on NetScaler

How to check installed EPA library checksum on NetScaler...

Expression for EPA scan to check for version Win 11

Run EPA scan to check Win 11...

EPA Won’t Force Water Utilities to Audit Their Cybersecurity

The industry pushed back: Despite the EPAs willingness to provide training and technical support to help states and public water system organizations implement cybersecurity surveys, the move garnered opposition from both GOP state attorneys and trade groups. Republican state attorneys that were...