Trane HVAC Systems Controls Improper Neutralization of Input During Web Page Generation (CVE-2021-42534)

The affected product's web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Trane HVAC Systems Controls

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trane Equipment: Building Automation Controllers Tracer SC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to redirect a user...

Siemens Patches Insufficient Entropy Vulnerability in ICS Systems

German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used in controlling primarily HVAC systems in commercial buildings . On Wednesday, Siemens, in coordination with ICS-CERT, issued...

Researcher Hacks Google Office Management System

Industrial control minded researchers from the security firm Cylance launched a custom exploit against a building management system deployed at Google’s Sydney, Australia office, gaining access to a configuration file containing device administration passwords that could be used to gain complete...