Lucene search
+L

226 matches found

ICS
ICS
added 2020/02/13 12:0 a.m.92 views

Schneider Electric Modicon Ethernet Serial RTU

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon BMXNOR0200H Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Improper Access Control 2. RISK EVALUATION Successful exploitation of these...

8.8CVSS9AI score0.02084EPSS
Exploits0References5
ICS
ICS
added 2020/02/13 12:0 a.m.73 views

Schneider Electric Magelis HMI Panels

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Magelis HMI Panel Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

6.5CVSS6.8AI score0.01049EPSS
Exploits1References5
Talos Blog
Talos Blog
added 2020/01/09 10:13 a.m.139 views

What the continued escalation of tensions in the Middle East means for security

Cisco Talos works with many organizations around the world, monitoring and protecting against sophisticated threats every day. As such, we are watching the current state of events in the Middle East very closely for our customers and partners who may be impacted by the ongoing situation. We are...

6.8CVSS8.1AI score0.96274EPSS
Exploits13
Kitploit
Kitploit
added 2019/11/23 9:30 p.m.108 views

Leprechaun - Tool Used To Map Out The Network Data Flow To Help Penetration Testers Identify Potentially Valuable Targets

The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat routes from multiple hosts, you can easily figure out what's going on within. Getting Started These instructions will get you a copy of the...

7AI score
Exploits0References2
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/10/24 4:35 p.m.46 views

A New Playground for Cybercrime: Why Supply Chain Security Must Cover Software Development

Most organisations see supply chains as providers of physical goods and services. The supply chain management function in these companies usually provides the governance framework to reduce third-party risks and prevent hackers from stealing data, disrupting daily operations and affecting busines...

0.1AI score
Exploits0
CISA
CISA
added 2019/10/23 12:0 a.m.9 views

FBI Releases Article on Defending Against E-Skimming

The Federal Bureau of Investigation FBI has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information PII. The Cybersecurity and Infrastructure...

6.6AI score
Exploits0References7
ThreatPost
ThreatPost
added 2019/10/16 8:12 p.m.106 views

10 Steps for Ransomware Protection

Just the thought of ransomware is enough to keep CISOs and security teams up at night. Victims are caught in an awful choice between paying a ransom to a criminal who may or may not release their captured network and data, or potentially spending millions of dollars to remove the ransomware on...

0.3AI score
Exploits0References5
Palo Alto Networks
Palo Alto Networks
added 2019/10/01 7:0 a.m.10 views

ARP Spoofing in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for the Inspector to be susceptible to ARP spoofing. Ref: CVE-2019-15022 The vulnerability allows for an attacker to perform ARP spoofing attacks against the Zingbox Inspector. This issue affects Zingbox Inspector, versions 1.294 an...

7.5CVSS7AI score0.01069EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/01 12:0 a.m.4 views

PT-2019-3610 · Zingbox · Zingbox Inspector

Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.294 and earlier Description: A security issue exists due to the lack of protection against ARP spoofing, allowing a remote attacker to potentially elevate their privileges. The issue makes the Inspector susceptibl...

7.8CVSS7.4AI score0.01069EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2019/07/10 9:15 p.m.124 views

Bug in Anesthesia Respirators Allows Cyber-Tampering

A vulnerability in GE Healthcare’s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices’ respirator function, thus changing sensor readings for gas density. According to GE...

5CVSS0.8AI score0.01336EPSS
Exploits0References6
ICS
ICS
added 2019/07/09 12:0 a.m.40 views

GE Aestiva and Aespire Anesthesia (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE...

5.3CVSS5.3AI score0.01336EPSS
Exploits0References4
CISA
CISA
added 2019/07/08 12:0 a.m.20 views

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the...

6.8AI score
Exploits0References2
ICS
ICS
added 2019/07/02 12:0 a.m.50 views

Schneider Electric Modicon Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could result...

7.5CVSS8AI score0.01129EPSS
Exploits0References4
ICS
ICS
added 2019/05/16 12:0 a.m.197 views

Schneider Electric Modicon Controllers

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this...

6.5CVSS6.8AI score0.0193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/05/14 12:0 a.m.9 views

PT-2019-2342 · Schneider Electric · Modicon M580 +4

Name of the Vulnerable Software and Affected Versions: Modicon M580 versions prior to V2.50 Modicon M340 versions prior to V3.01 BMxCRA312xx versions prior to V2.40 Modicon Premium all firmware versions 140CRA312xxx all firmware versions Description: The issue is related to buffer errors in the...

6.8CVSS7.6AI score0.01189EPSS
Exploits0References4
Palo Alto Networks
Palo Alto Networks
added 2019/03/28 8:5 p.m.96 views

Authentication Bypass in PAN-OS Management Web Interface

An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. Ref PAN-113675, CVE-2019-1572 Successful exploitation of this issue may allow an unauthenticated remote user to access php files. This issue affects Only PAN-OS 9.0.0 Work around: This issue affects the web-base...

1.5AI score0.02469EPSS
Exploits0References1Affected Software1
Akamai Blog
Akamai Blog
added 2019/03/04 11:0 a.m.61 views

Does Zero Trust Security Have to be Hard to be Effective?

The short answer is no. As expected, the long answer is a little more nuanced. But first, a quick refresher on Zero Trust security for those who haven't jumped on the bandwagon yet. For those who have, feel free to skip the next section. Zero Trust Security Recap We know that the defensible netwo...

7.3AI score
Exploits0
ICS
ICS
added 2019/01/22 12:0 a.m.47 views

Dräger Infinity Delta

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Dräger Equipment: Infinity Delta Vulnerabilities: Improper Input Validation, Information Exposure Through Log Files, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

7.8CVSS8.1AI score0.0078EPSS
Exploits0References5
ICS
ICS
added 2018/12/18 12:0 a.m.56 views

ABB GATE-E2

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

9.8CVSS8.2AI score0.02646EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2018/11/15 5:34 p.m.12 views

Managing the Risk of IT-OT Convergence

A few years ago, it wasn’t easy getting executives on board with the concept of operational technology OT security. Having finally come around to acknowledging the need for information technology IT security, boards and C-suite executives at industrial enterprises were then faced with the...

0.4AI score
Exploits0
Rows per page
Query Builder