109 matches found
CVE-2017-12737
The CVE-2017-12737 entry applies to Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00). The vulnerability arises from a missing authentication for a critical function: the integrated web server (port 80) could allow unauthenticated remote acces...
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution Vulnerabilities
Siemens SICAM RTUs SM-2556 COM modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00 suffer from authentication bypass, code execution, and cross site scripting vulnerabilities. title: Authentication...
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution
SEC Consult Vulnerability Lab Security Advisory. title: Authentication bypass, cross-site scripting & code execution; product: Siemens SICAM RTUs SM-2556 COM Modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and...
Information disclosure
Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field...
CVE-2015-6485
Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field...
CVE-2015-6485
CVE-2015-6485 corresponds to an ICS vulnerability in Schneider Electric Telvent SAGE RTUs caused by an IEEE Ethernet frame padding issue (CWE-226). The weakness allows an attacker on the network to elicit information leakage from device memory by reading a specially padded Ethernet frame. Affecte...
Wind River VxWorks TCP Predictability Vulnerability in ICS Devices (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-169-01A Wind River VxWorks TCP Predictability Vulnerability in ICS Devices that was published November 5, 2015, on the NCCIC/ICS-CERT web site. Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a...
SCADA Trojans: Attacking the Grid + Advantech vulnerabilities
Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs -...
ABB PCU400 vulnerable to buffer overflow
Overview ABB PCU400 contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The ABB PCU400 application serves as a communication gateway between RTUs that use the IEC-870-5-104 protocol and the SCADA server. The...