27 matches found
EUVD-2017-4246
Malware in sbrugna...
EUVD-2014-0783
Malware in sbrugna...
EUVD-2021-19677
Malware in sbrugna...
EUVD-2023-36871
Malicious code in bioql PyPI...
Sql injection
ARDEREG Sistema SCADA Central versions 2.203 and prior login page are vulnerable to an unauthenticated blind SQL injection attack. An attacker could manipulate the application's SQL query logic to extract sensitive information or perform unauthorized actions within the database. In this case, th...
Directory traversal
Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...
CVE-2018-19000
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data...
CVE-2018-18998
LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...
Attacks Against Critical Infrastructure Seek Operational Intel
In most critical industries—petroleum refineries or energy utilities, for example—there is very little in the way of proprietary information. Refining crude oil into gasoline requires science, not a secret sauce. Same goes for power generation. So why are advanced attackers using the same data...
Researcher Releases Database of Known-Good ICS and SCADA Files
A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope,...
Dennis Fisher and Mike Mimoso Discuss the Target Breach, SCADA Security and the NSA
Dennis Fisher and Mike Mimoso talk about the big security stories of the last couple of weeks, including the developments in the Target data breach, the president’s speech on NSA surveillance reforms and SCADA security woes...
Interactive Graphical SCADA System Remote Command Injection
This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands. This module requires Metasploit:...
Researchers Highlight Medical Device Security at Annual ICS Conference
Two popular industrial control system (ICS) researchers this week demonstrated how easily medical devices, including a Philips-branded machine that regularly interacts with x-ray machines and other hospital equipment, can be hacked. At Digital Bond’s annual SCADA Security Scientific Symposium (S4)...
The Hackers Conference 2012 Call For Papers #THC2012
We are extremely delighted to announce the Call for Papers for The Hackers Conference 2012. It is a unique event, where the elite of the hacker world, leaders in the information security industry and the Internet community meet face to face to join their efforts to cooperate in addressing the most...
Slideshow: Scenes from SAS 2012
At Kaspersky Lab’s Security Analyst Summit last week, over 100 researchers and law enforcement officials converged in Cancun, Mexico over the course of five days to network and discuss a veritable cornucopia of security topics. Topics such as privacy, SCADA and...
UPDATE: Looking For a 'FireSheep' Moment, Researchers Lay Bare Woeful SCADA Security
Miami, Florida – A no-holds-barred presentation at the S4 Conference laid bare the woeful state of security for many industrial control systems that power the world’s critical infrastructure. Organizers have also cooperated with security scanning firms Rapid7 and Tenable to release modules for th...
Hacker Says Texas Town Used Three Character Password To Secure Internet Facing SCADA System
In an e-mail interview with Threatpost, the hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district had HMI (human machine interface) software used to manage water and sewage infrastructure accessible to the Internet and used a password that w...
Get Ready for Hacker Halted 2011, Miami 21-27 October
Hacker Halted returns to Miami for the 3rd year in a row. Following last year's success, we are expecting this year to be bigger and better. Hacker Halted will feature 4 focus tracks: 1. What's Hot – Featuring cutting-edge presentations on key...
RealWin SCADA Server DATAC Login Buffer Overflow
This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 Build 6.0.10.10 or earlier. By sending a specially crafted OnFCCONNECTFCSLOGIN packet containing a long username, an attacker may be able to execute arbitrary code. This module requires Metasploit...