342 matches found
CVE-2018-0890
A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Microsoft Active Directory Security Bypass Vulnerability
Microsoft Windows 10, Windows Server 2016, and Windows Server Version 1709 are all products of Microsoft Corporation, U.S.A. Microsoft Windows 10 is a cross-platform operating system for PCs and laptops, tablets and devices such as cell phones.Windows Server 2016 and Windows Server Version 1709 a...
Active Directory Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings. To exploit this vulnerability, an attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could bypass firewall policies appli...
KLA11221 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows . Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service and possibly to bypass security restrictions. Below is a complete list of...
Geutebruck IP Cameras
CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Improper Authentication, SQL Injection, Cross-Site Request Forgery, Improper Access Control, Server-Side Request Forgery, Cross-site Scripting AFFECTED PRODUCTS...
Delta Electronics Delta Industrial Automation DOPSoft
CVSS v3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following version of Delta Industrial Automation DOPSoft, a human machine interface HMI...
Securing IoT Networks
Q: How do you segment a mesh? A: You can’t. Legacy IoT devices, Industrial Control Systems with custom networking, are exceptionally difficult to secure. Typically, these devices contain only enough compute capabilities to support their primary operational function. They have limited memory, low...
Nortek Linear eMerge E3 Series
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Nortek Equipment: Linear eMerge E3 Series Vulnerability: Command Injection AFFECTED PRODUCTS The following Linear eMerge, an access control interface, versions are affected: Linear eMerge E3 series Versions V0.32-07e...
Schneider Electric StruxureOn Gateway
CVSS v3 7.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: StruxureOn Gateway Vulnerability: Unrestricted Upload of File with Dangerous Type AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following versions of...
Fuji Electric V-Server VPR
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: V-Server VPR Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of V-Server VPR, a data collection and management service, are affected: V-Server VPR 4.0.1.0 a...
Vocran NVR Remote Command Execution
The remote Vocran network video recorder is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /board.cgi. An unauthenticated remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device...
Optional Windows NTLM SSO authentication changes
Microsoft is releasing an optional security enhancement to NT LAN Manager NTLM, limiting which network resources various clients in the Windows 10 or the Windows Server 2016 operating systems can use NTLM Single Sign OnSSO as an authentication method. When you deploy the new security enhancement...
IoT Device Security At Home
My girlfriend read something that worried her about the security risks posed by Internet of Things IoT devices at home. She had recently purchased a new TV, and she has an older home security system. She asked if her privacy might be at risk. We talked about the kinds of problems an unprotected...
LOYTEC LVIS-3ME
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: LOYTEC Equipment: LVIS-3ME Vulnerabilities: Relative Path Traversal, Insufficient Entropy, Cross-site Scripting, Insufficiently Protected Credentials AFFECTED PRODUCTS The following versions of LVIS-3ME, an HMI Touch...
Avoid the Liability Associated with Running End-of-Life Operating Systems (EOL)
Recent attacks such as WannaCry and NotPetya have demonstrated hackers are more familiar with the vulnerabilities of unsupported systems than many organizations themselves. When new patches are released, attackers easily reverse-engineer the updates and quickly find all the weaknesses in...
Schneider Electric Modicon M221 PLCs and SoMachine Basic
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure AFFECTED PRODUCTS Schneider Electric...
ICSA-17-061-01_Eaton xComfort Ethernet Communication Interface
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Eaton Equipment: xComfort Ethernet Communication Interface Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of xComfort Ethernet Communication Interface ECI, a building automation system...
Downloads Resources over HTTP
Overview Affected versions of mystem-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...
FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region
In 2012, a suspected Iranian hacker group called the “Cutting Sword of Justice” used malware known as Shamoon – or Disttrack. In mid-November, Mandiant, a FireEye company, responded to the first Shamoon 2.0 incident against an organization located in the Gulf states. Since then, Mandiant has...
Sauter NovaWeb Web HMI Authentication Bypass Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Sauter’s NovaWeb web HMI application. Sauter has not produced a mitigation for this vulnerability. This product was discontinued in 2013 and is no longer supported. This vulnerability could be...