226 matches found
Schneider Electric Modicon Ethernet Serial RTU
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon BMXNOR0200H Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Access Control 2. RISK EVALUATION Successful exploitation of these...
Schneider Electric Magelis HMI Panels
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Magelis HMI Panel Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
What the continued escalation of tensions in the Middle East means for security
Cisco Talos works with many organizations around the world, monitoring and protecting against sophisticated threats every day. As such, we are watching the current state of events in the Middle East very closely for our customers and partners who may be impacted by the ongoing situation. We are...
Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets
The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...
A New Playground for Cybercrime: Why Supply Chain Security Must Cover Software Development
Most organisations see supply chains as providers of physical goods and services. The supply chain management function in these companies usually provides the governance framework to reduce third-party risks and prevent hackers from stealing data, disrupting daily operations and affecting busines...
FBI Releases Article on Defending Against E-Skimming
The Federal Bureau of Investigation FBI has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information PII. The Cybersecurity and Infrastructure...
10 Steps for Ransomware Protection
Just the thought of ransomware is enough to keep CISOs and security teams up at night. Victims are caught in an awful choice between paying a ransom to a criminal who may or may not release their captured network and data, or potentially spending millions of dollars to remove the ransomware on...
ARP Spoofing in Zingbox Inspector
A security vulnerability exists in Zingbox Inspector that allows for the Inspector to be susceptible to ARP spoofing. Ref: CVE-2019-15022 The vulnerability allows for an attacker to perform ARP spoofing attacks against the Zingbox Inspector. This issue affects Zingbox Inspector, versions 1.294 an...
PT-2019-3610 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.294 and earlier Description: A security issue exists due to the lack of protection against ARP spoofing, allowing a remote attacker to potentially elevate their privileges. The issue makes the Inspector susceptibl...
Bug in Anesthesia Respirators Allows Cyber-Tampering
A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...
GE Aestiva and Aespire Anesthesia (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE...
U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels
The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the...
Schneider Electric Modicon Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could result...
Schneider Electric Modicon Controllers
1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this...
PT-2019-2342 · Schneider Electric · Modicon M580 +4
Name of the Vulnerable Software and Affected Versions: Modicon M580 versions prior to V2.50 Modicon M340 versions prior to V3.01 BMxCRA312xx versions prior to V2.40 Modicon Premium all firmware versions 140CRA312xxx all firmware versions Description: The issue is related to buffer errors in the...
Authentication Bypass in PAN-OS Management Web Interface
An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. Ref PAN-113675, CVE-2019-1572 Successful exploitation of this issue may allow an unauthenticated remote user to access php files. This issue affects Only PAN-OS 9.0.0 Work around: This issue affects the web-base...
Does Zero Trust Security Have to be Hard to be Effective?
The short answer is no. As expected, the long answer is a little more nuanced. But first, a quick refresher on Zero Trust security for those who haven't jumped on the bandwagon yet. For those who have, feel free to skip the next section. Zero Trust Security Recap We know that the defensible netwo...
Dräger Infinity Delta
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Dräger Equipment: Infinity Delta Vulnerabilities: Improper Input Validation, Information Exposure Through Log Files, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
ABB GATE-E2
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Managing the Risk of IT-OT Convergence
A few years ago, it wasn’t easy getting executives on board with the concept of operational technology OT security. Having finally come around to acknowledging the need for information technology IT security, boards and C-suite executives at industrial enterprises were then faced with the...