Lucene search
+L

6885 matches found

Huawei
Huawei
added 2014/04/23 12:0 a.m.25 views

Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products

Reported by the internal R&D engineers, several switch products does not validate the input properly. This vulnerability enables attacker to launch DoS attack by crafting and sending malformed packet to these vulnerable products Vulnerability ID: HWPSIRT-2014-0301. This Vulnerability has been...

7.8CVSS7.6AI score0.00924EPSS
Exploits0Affected Software7
ICS
ICS
added 2013/12/22 7:0 a.m.56 views

Siemens WinCC TIA Portal Vulnerabilities

Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens WinCC TIA Totally Integrated Automation Portal HMI. Researchers Billy Rios and Terry McCorkle of Cylance; Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from...

4.6CVSS6.4AI score0.02328EPSS
Exploits0References10
ICS
ICS
added 2013/12/10 7:0 a.m.49 views

Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability

Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...

9.3CVSS6.6AI score0.02078EPSS
Exploits0References10
ICS
ICS
added 2013/09/14 6:0 a.m.29 views

Cooper Power Systems Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. Coope...

6.2AI score
Exploits0References10
ICS
ICS
added 2013/09/05 6:0 a.m.36 views

Elecsys Director Gateway Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Elecsys Director Gateway application. Elecsys has produced a patch that mitigates this vulnerability. Adam Todorski has tested the patch to validate th...

4.3CVSS6.6AI score0.01164EPSS
Exploits0References10
ICS
ICS
added 2013/07/27 6:0 a.m.34 views

GE Proficy DNP3 Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site. General Electric GE Intelligent Platforms reported to NCCIC/ICS-CERT an improper input validation vulnerability in the DNP3 driver used...

6.1AI score
Exploits0References10
CERT
CERT
added 2013/07/26 12:0 a.m.25 views

TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20:Improper Input Validation- CVE-2013-3580TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...

4.3CVSS6.1AI score0.01273EPSS
Exploits0References2
ICS
ICS
added 2013/07/12 6:0 a.m.41 views

Alstom e-Terracontrol DNP3 Master Improper Input Validation (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-282-01, Alstom e‑terra control DNP3 Master Improper Input Validation, which was posted to the NCCIC/ICS‑CERT Web site October 09, 2013. Adam Crain of Automatak and independent researcher Chris Sistrunk have...

6.2AI score
Exploits0References10
ICS
ICS
added 2013/07/06 6:0 a.m.35 views

Invensys Wonderware InTouch Improper Input Validation Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 03, 2013, and is now being released to the NCCIC/ICS-CERT-Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware InTouch application. Independent...

6.9CVSS6.4AI score0.00628EPSS
Exploits0References10
Mageia
Mageia
added 2013/07/01 7:9 p.m.25 views

Updated fail2ban packages fix CVE-2013-2178

Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enabl...

5CVSS3.6AI score0.01763EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/06/17 12:0 a.m.30 views

Debian DSA-2708-1 : fail2ban - denial of service

Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using Fail2ban to monitor Apache logs, improper input validation in log parsing could enabl...

5CVSS5.4AI score0.01763EPSS
Exploits0References4
ICS
ICS
added 2013/06/12 6:0 a.m.36 views

SUBNET Solutions Inc. SubSTATION Server DNP3 Outstation Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the SUBNET Solutions Inc. SubSTATION Server software application. SUBNET Solutions Inc. has produced a new version that mitigates this vulnerability. SUBNET Solutions Inc. ha...

4.3CVSS6.5AI score0.01164EPSS
Exploits0References10
0day.today
0day.today
added 2013/06/10 12:0 a.m.37 views

ZPanel 10.0.0.2 Remote Command Execution Vulnerability

ZPanel version 10.0.0.2 suffers from a remote root command execution vulnerability. One of our expert team members email protected who is assigned to do the security audit of ZPanel code has found the follwoing security vulnerability with ZPanel 10.0.0.2 which will allow anyone to escalate the ro...

7.3AI score
Exploits0
ICS
ICS
added 2013/05/25 6:0 a.m.35 views

Top Server OPC Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have test...

7.1CVSS6.2AI score0.0126EPSS
Exploits0References10
ICS
ICS
added 2013/05/10 6:0 a.m.44 views

Schweitzer Engineering Laboratories Improper Input Validation

Overview Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper DNP3 input validation in Schweitzer Engineering Laboratories’ real-time automation controllers RTAC. Schweitzer Engineering Laboratories SEL has produced updated firmware that mitigates this...

6.1AI score
Exploits0References10
OpenVAS
OpenVAS
added 2013/05/09 12:0 a.m.20 views

WeBid Local File Disclosure and SQL Injection Vulnerabilities

WeBid is prone to file disclosure and SQL Injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.4AI score
Exploits0References3
ICS
ICS
added 2013/05/04 6:0 a.m.36 views

MatrikonOPC SCADA DNP3 Master Station Improper Input Validation

OVERVIEW This updated advisory was originally posted to the US-CERT secure Portal library on August 02, 2013, and is now being released to the ICS-CERT Web page. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in...

7.1CVSS6.3AI score0.0126EPSS
Exploits0References10
ICS
ICS
added 2013/05/04 6:0 a.m.35 views

IOServer Master Station Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the IOServer DNP3 Driver on the master station. IOServer has produced a new version that mitigates this vulnerability. The researchers have tested the new versi...

7.8CVSS6.7AI score0.01477EPSS
Exploits0References10
ICS
ICS
added 2013/03/22 6:0 a.m.51 views

GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT-Web page. Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application...

9.3CVSS7.5AI score0.03769EPSS
Exploits0References10
ICS
ICS
added 2013/01/28 7:0 a.m.33 views

Galil RIO-47100 Improper Input Validation

Overview This advisory provides mitigation details for a vulnerability affecting the Galil RIO-47100 “Pocket PLC.” Researcher Jon Christmas of Solera Networks has identified an improper validation vulnerability in the Galil RIO-47100 PLC, which can result in a loss of availability. Galil has...

7.1CVSS6.3AI score0.02793EPSS
Exploits6References10
Rows per page
Query Builder