30 matches found
EUVD-2021-16049
Malware in sbrugna...
EUVD-2022-29912
Malicious code in bioql PyPI...
Schneider Electric Wiser Home Automation
GENERAL SECURITY RECOMMENDATIONS: We strongly recommend the following industry cybersecurity best practices. Passwords should include upper case, lower case, number and special characters; a length of 20 characters is ideal. A default Admin password must be changed immediately when first received...
CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...
CVE-2021-29414
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control...
Schneider Electric Modicon
GENERAL SECURITY RECOMMENDATIONS: We strongly recommend the following industry cybersecurity best practices: https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Making sure your door access control system is secure: Top 5 things to check
Your door access control system, aka a physical access control system or PACS, also referred to as RFID cards or ‘swipe’ cards, often has a poor reputation for being vulnerable to cloning attacks. Here’s the thing: it’s generally possible to configure your system to be very resistant to card...
CVE-2024-39512
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a...
CVE-2024-39512 Junos OS Evolved: User is not logged out when the console cable is disconnected
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account. When the console cable is disconnected, the logged in user is not logged out. This allows a...
CVE-2024-39512
The CVE-2024-39512 issue affects Junos OS Evolved consoles. Root cause: improper physical access control where disconnecting the console cable leaves the session active, enabling a local attacker with physical access to resume a prior session and potentially gain administrative privileges. Affect...
Juniper Junos OS Vulnerability (JSA82977)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82977 advisory. - An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to...
AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities
By Deeba Ahmed. The new discovery could have far-reaching implications for Physical Access Control Systems and sensitive facilities. This is a post from HackRead.com. Read the original post: AXIS A1001 Network Door Controller Flaw Exposes Secure Facilities...
Moxa UC Series
1. EXECUTIVE SUMMARY: CVSS v3 7.6. ATTENTION: Low attack complexity. Vendor: Moxa. Equipment: UC Series. Vulnerability: Improper Physical Access Control. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-22-333-04 Moxa UC Series that was published November...
Report: Brazil must do more to encrypt, back up data
Federal government organisations in Brazil may need to reassess their approach to cyberthreats, according to a new report by the country's Federal Audit Court. It outlines multiple key areas of concern across 29 key areas of risk. One of the biggest problems in the cybercrime section of the report...
Hardcoded credentials
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...
CVE-2022-25213
CVE-2022-25213 describes improper physical access control and hard-coded credentials in /etc/passwd that allow an attacker with physical access to obtain a root shell via an unprotected UART port, which also exposes an unauthenticated Das U-Boot BIOS shell. The description applies to devices with...
CVE-2021-33881
CVE-2021-33881 affects NXP MIFARE Ultralight and NTAG RFID cards. The issue allows an attacker to interrupt a write operation (a “tear off”/rip-off attack) to bypass the monotonic counter protection mechanism. Impact depends on usage of the anti tear-off feature in specific applications, such as ...
Unspecified Vulnerability in STMicroelectronics STM32L4
The STMicroelectronics STM32L4 is a series of ultra-low power microcontrollers from STMicroelectronics, an Italian and French company. A security vulnerability exists in STMicroelectronics STM32L4 devices, which arises from having incorrect physical access control. No details of the vulnerability...