EUVD-2019-16098

Malware in sbrugna...

Protect Against Romance Scams

The Federal Trade Commission FTC has released a short video to help users spot and defend against romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. The video includes stories that romance scammers tell to online daters to...

Philips Holter 2010 Plus

1. EXECUTIVE SUMMARY CVSS v3 1.9 Vendor : Philips Equipment : Philips Holter 2010 Vulnerability : Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability under certain conditions can lead to a product feature escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED...

Schneider Electric Interactive Graphical SCADA System

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System IGSS Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution or crash the software. 3...

AVEVA Vijeo Citect and Citect SCADA Floating License Manager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : AVEVA Equipment : Vijeo Citect and Citect SCADA Floating License Manager Vulnerabilities : Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an...

Delta Industrial Automation CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft ScreenEditor Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...

Schneider Electric Floating License Manager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Floating License Manager Vulnerabilities: Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an attacker to deny the...

Rockwell Automation PanelView 5510

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: PanelView 5510 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the...

ICSA-19-192-04 Siemens SIMATIC RF6XXR

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Siemens Equipment : SIMATIC RF6XXR Vulnerabilities : Improper Input Validation, Cryptographic Issues 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow access to...

ICSA-19-192-03 Siemens TIA Administrator (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Low skill level to exploit Vendor : Siemens Equipment : TIA Administrator TIA Portal Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an execution of some commands without proper...

Schneider Electric Zelio Soft 2

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution through the opening of a...

Quest KACE Systems Management Appliance

1. EXECUTIVE SUMMARY CVSS v3 2.7 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Quest Equipment : KACE Systems Management Appliance SMA Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an administrative...

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Untrusted Pointer Dereference...

ABB CP635 HMI

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP635 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...

ABB CP651 HMI

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP651 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...

BD Alaris Gateway Workstation

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BD Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of...

Johnson Controls exacqVision Enterprise System Manager

1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Johnson Controls Equipment: exacqVision Enterprise System Manager ESM Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS...

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : WAGO Equipment : Industrial Managed Switches 852-303, 852-1305, and 852-1505 Vulnerabilities : Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known...

ICSA-19-162-01 Siemens Siveillance VMS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siveillance VMS Vulnerabilities: Improper Authorization, Incorrect User Management, Missing Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Panasonic Control FPWIN Pro

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Panasonic Equipment: Control FPWIN Pro Vulnerabilities: Heap-based Buffer Overflow, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device and allow remote code...