9 matches found
PHOENIX CONTACT RAD-80211-XD
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: RAD-80211-XD Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute system level commands...
ABB IP Gateway
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: IP Gateway Vulnerabilities: Improper Authentication, Cross-site Request Forgery, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...
Ctek, Inc. SkyRouter
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ctek, Inc. Equipment: SkyRouter Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of SkyRouter, a wireless and automation solution, are affected: SkyRouter Series 4200 and 4400 all versio...
Newport XPS-Cx, XPS-Qx
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Newport Equipment: XPS-Cx, XPS-Qx Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected: XPS-Cx all versions, and XPS-Qx all...
Detcon SiteWatch Gateway
CVSS v3 9.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Detcon Equipment: SiteWatch Gateway Vulnerabilities: Improper Authentication, Plaintext Storage of a Password AFFECTED PRODUCTS The following versions of Detcon SiteWatch Gateway, an Ethernet Notification System, are...
Trane Tracer SC Sensitive Information Exposure Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel. Trane U.S. Inc. has produced an update to mitigate this vulnerability. Maxim Rupp has tested the update to validate that it resolves the vulnerability. This...
Rexroth Bosch BLADEcontrol-WebVIS Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified a SQL injection vulnerability and a cross-site scripting vulnerability in the Rexroth Bosch BLADEcontrol-WebVIS. Rexroth Bosch has produced a new version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely...
Chiyu Technology fingerprint access control contains multiple vulnerabilities
Overview Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870 According to t...
Plaintext Credentials Threaten RLE Wind Turbine HMI
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp...