Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker mu...
Cisco Prime Infrastructure and Evolved Programmable Network Manager DOM Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a us...
Cisco Prime Infrastructure and Evolved Programmable Network Manager Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an...
Information Disclosure Vulnerability in Multiple Rockwell Automation Products
Rockwell Automation Allen-Bradley MicroLogix 1100 1763-L16AWA Series A and others are programmable logic controller (PLC) products from Rockwell Automation. An information disclosure vulnerability exists in multiple Rockwell Automation products. An attacker could exploit this vulnerability to recov...
Unspecified Vulnerability in Multiple Rockwell Automation Products (CNVD-2017-08713)
Rockwell Automation Allen-Bradley MicroLogix 1100 1763-L16AWA Series A and others are programmable logic controller (PLC) products from Rockwell Automation. A security vulnerability exists in several Rockwell Automation products. An attacker could exploit the vulnerability to capture and respond to...
BSA-2017-288
Security Advisory ID: BSA-2017-288. Component: NTP. Revision: 1.0: Interim. There is a potential for a buffer overflow in the legacy Datum Programmable Time Server refclock driver. Here the packets are processed from the /dev/datum device and handled in datum_pts_receive. Since an attacker would be...
Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities: Predictable Value Range from Previous Values; Reusing a Nonce, Key Pair in Encryption; Information Exposure; Improper Restriction ...
The vulnerability of the Cisco Prime Infrastructure lifecycle management software and the Cisco Evolved Programmable Network Manager network service management software allows a hacker to gain access to confidential data.
The vulnerability of the Cisco Prime Infrastructure network lifecycle management software interface and the Cisco Evolved Programmable Network Manager network service management software is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious...
Schneider Electric Modicon PLC Multiple Authentication Bypass Vulnerability
Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A multiple authentication bypass vulnerability exists in the Schneider Electric Modicon PLC, where once a session key is obtained for plaintext transmission, an attacker can...
Schneider Electric Modicon PLC Multiple Authentication Bypass Vulnerability (CNVD-2017-04918)
Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. A multiple authentication bypass vulnerability exists in the Schneider Electric Modicon PLC, where an attacker accessing the OT network could intercept traffic to the target...
Multiple Cisco Product Information Disclosure Vulnerabilities
Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager are both products of Cisco, a United States company. The former is a set of Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology for wireless management solutions; the latter i...
Rockwell Automation ControlLogix 5580 and CompactLogix 5380
CVSS v3 6.8 ATTENTION: Remotely exploitable. Vendor: Rockwell Automation Equipment: ControlLogix 5580 and CompactLogix 5380 Vulnerability: Resource Exhaustion REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT...
Buffer overflow
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device...
CVE-2017-6462
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device...
This Ransomware Malware Could Poison Your Water Supply If Not Paid
Ransomware has been around for a few years, but in the last two years, it has become an albatross around everyone's neck, targeting businesses, hospitals, financial institutions and personal computers worldwide and extorting millions of dollars. Ransomware is a type of malware that infects computers...
CVE-2016-9343
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00, excluding all firmware versions prior to FRN 16.00, which are not affected. By sending a malformed Common Industrial Protocol (CIP) packet, an attacker may be able to overflow a...
CVE-2016-9343
CVE-2016-9343 affects Rockwell Automation Logix5000 controllers (FRN 16.00–21.00; firmware versions prior to FRN 16.00 are not affected) via malformed CIP packets that overflow a stack-based buffer, enabling potential code execution or a nonrecoverable fault causing denial of service. The vulnerability is a stack-based bu...
The vulnerability of the embedded software of the programmable logic controller OVEEN PLC110 allows an intruder to overwrite data stored in the stack or execute arbitrary code.
The vulnerability of the embedded software of the OVEEN PLC110 programmable logic controller lies in the lack of checks for the length of the file name during the generation of the error message when processing a read or write request for the file. This leads to buffer overflows in the stack...