19 matches found
EUVD-2023-34207
Malicious code in bioql PyPI...
Rockwell Automation Enhanced HIM Cross-Site Request Forgery Vulnerability
The Rockwell Automation Enhanced HIM is an advanced human interface module from Rockwell Automation. It is a device used to interact with Rockwell Automation control systems, providing a more intuitive and convenient interface for operation and monitoring. A cross-site request forgery vulnerabili...
CVE-2023-2746
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing CORS settings and, as a result, is vulnerable to a Cross Site Request Forgery CSRF attack. To exploit this vulnerability, a...
CVE-2023-2746
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing CORS settings and, as a result, is vulnerable to a Cross Site Request Forgery CSRF attack. To exploit this vulnerability, a...
Cross site request forgery (csrf)
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing CORS settings and, as a result, is vulnerable to a Cross Site Request Forgery CSRF attack. To exploit this vulnerability, a...
CVE-2023-2746 Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing CORS settings and, as a result, is vulnerable to a Cross Site Request Forgery CSRF attack. To exploit this vulnerability, a...
CVE-2023-2746
Rockwell Automation Enhanced HIM is affected by CSRF due to an API that is not sufficiently protected and incorrect CORS settings. Exploitation could lead to sensitive information disclosure and full remote access to affected products. Judgment from multiple sources (ICS advisory ICSA-23-192-01, ...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-192-01 Rockwell Automation Enhanced HIM ICSA-23-192-02 Sensormatic Electronics iSTAR...
PT-2023-4080 · Rockwell Automation · Rockwell Automation Enhanced Him
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Enhanced HIM affected versions not specified Description: The issue is related to the implementation of the application programming interface in the Rockwell Automation Enhanced HIM software, which is vulnerable to Cross...
Rockwell Automation Enhanced HIM Cross-Site Request Forgery Vulnerability
The Rockwell Automation Enhanced HIM is an advanced human interface module from Rockwell Automation. It is a device used to interact with Rockwell Automation control systems, providing a more intuitive and convenient interface for operation and monitoring. A cross-site request forgery vulnerabili...
Rockwell Automation Enhanced HIM
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Enhanced HIM Vulnerability: Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to sensitive information disclosure and...
Rockwell Products Impacted by Chromium Type Confusion
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low attack complexity/public exploits are available Vendor: Rockwell Automation Equipment: FactoryTalk Software, Enhanced HIM for PowerFlex, Connected Components Workbench Vulnerability: Type Confusion 2. RISK EVALUATION Successful exploitation of this...
Unauthorized Access Vulnerability in HIM Basic Platform Management System of Beijing Zhongchuang Vision Technology Co., Ltd (CNVD-2021-56793)
Ltd. is a high-tech company specializing in the research and development of video conference system hardware and software. An unauthorized access vulnerability exists in the management system of the HIM infrastructure platform of Beijing CCTV Technology Co. Ltd, which can be exploited by attacker...
Weak Password Vulnerability in HIM Basic Platform Management System of Beijing Zhongchuang Vision Technology Co.
Ltd. is a company specializing in the research and development of video conference system hardware and software. A weak password vulnerability exists in the management system of the HIM base platform of Beijing Zhongchuang Vision Technology Co. Ltd, which can be exploited by attackers to obtain...
Directory Traversal Vulnerability in HIM Basic Management Platform of Beijing Zhongchuang Vision Technology Co.
Ltd. is a high-tech company specializing in the research and development of video conference system hardware and software. There is a directory traversal vulnerability in the HIM base management platform of Beijing CCTV Technology Co., Ltd. that can be exploited by an attacker to traverse any...
The Furious Hunt for the MAGA Bomber
Scarred by trauma and devoted to Trump, a man began mailing explosives to the president’s critics on the eve of an election. Inside the race to catch him...
Physician, protect thyself: An ounce of prevention is worth a pound of cure
In part one of our Physician, protect thyself series, we recognized significant security problems within the healthcare industry that need addressing. Health organizations moving from the paper to the 'puter—a shift meant to improve care and overall patient experience—inadvertently introduced...
him-bv.nl XSS vulnerability
Open Bug Bounty ID: OBB-186730. Affected Website: him-bv.nl. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Nicolas Sarkozy's official Elysee Palace website Hacked for 'Get Him Out' Game
Nicolas Sarkozy's official Elysee Palace website Hacked for 'Get Him Out' Game. Hackers have attacked Nicolas Sarkozy's official Elysee Palace website to create a video game called 'Get Him Out'. Under the formal banner introducing the site, a cartoon image of the French president was...