Emerson Ovation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Emerson Equipment : Ovation Vulnerabilities : Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as...

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION...

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by...

Honeywell Experion LX

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion LX Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple...

Honeywell ControlEdge

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: ControlEdge Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple...

Honeywell Safety Manager

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Safety Manager 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for configuration and firmware manipulation or remote code execution. 3. TECHNICAL...

Honeywell Saia Burgess PG5 PCD

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable on adjacent network/low attack complexity Vendor: Honeywell Equipment: Saia Burgess PG5 PCD Vulnerabilities: Authentication Bypass, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report known as “OT:ICEFALL” that...

Bently Nevada ADAPT 3701/4X Series and 60M100

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada Equipment: 3701/4X series and 60M100 3701/60 Condition Monitoring System Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function CISA is aware of a...

Motorola Solutions MOSCAD IP and ACE IP Gateways

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...

JTEKT TOYOPUC

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...

Phoenix Contact ProConOS and MULTIPROG

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...

ForeScout Technologies: DOM XSS at www.forescout.com in Microsoft Edge and IE Browser

Summary: I've found an DOM Based XSS on homepage Steps To Reproduce: 1.Go to this url and you'll see alert pop https://www.forescout.com/ But this will work just on ME/IE browsers because chrome and firefox have default encode system hash url And vulnerable code is on your directly source code...

ForeScout Technologies: HTML Injection & Content Spoofing

Summary: The Main Search Box of the site "www.forescout.com" is Vulnerable for HTML Injection & Content Spoofing Steps To Reproduce: 1. Visit example link 2. in The Search Box enter HTML Code test 3. in the Result Page, the HTML code Will be render Impact 1. enter the Next Code In The Search Box...