Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...

Philips Alice 6 Vulnerabilities (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated...

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...

ICSMA-17-292-01_Boston Scientific ZOOM LATITUDE PRM Vulnerabilities

OVERVIEW Researchers Jonathan Butts and Billy Rios of Whitescope have identified two vulnerabilities in Boston Scientific’s ZOOM LATITUDE Programmer/Recorder/Monitor PRM – Model 3120. Boston Scientific has provided compensating controls to reduce the risk of exploitation. AFFECTED PRODUCTS The...

ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities

OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ formerly St. Jude Medical pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency RF communications. A third-party security...

Schneider Electric Pelco VideoXpert Missing Encryption

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillanc...

Lenovo ShareIT Information Disclosure / Hardcoded Password

Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:...

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...

Dedicated Micros DVR products use plaintext protocols and require no password by default

Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...

Siemens WinCC 7.0 SP3 Multiple Vulnerabilities

Overview This advisory provides mitigation details for vulnerabilities that impact the Siemens SIMATIC WinCC. Positive Technologies and Siemens ProductCERT have identified multiple vulnerabilities in the Siemens SIMATIC WinCC, which is used to configure SIMATIC operator devices. Siemens has...

SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data

The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...