EUVD-2018-9676

Malware in sbrugna...

IoT Flaw Allows Hijacking of Connected Construction Cranes

A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over. The internet of things IoT continues to add new types of objects to its footprint, as industries start leveraging connectivity to increa...

CVE-2018-17935

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state...

Command injection

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state...

CVE-2018-17935

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state...

CVE-2018-17935

CVE-2018-17935 affects Telecrane F25 Series remote controls prior to firmware 00.0A. The root cause is fixed, reproducible authentication codes used in transmitter-receiver communications, enabling an authentication bypass by capture-replay. This can allow unauthorized users to view and replay co...

Telecrane F25 Replay Attack Vulnerability

This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code a...

Telecrane F25 Series Command Execution Vulnerability

The Telecrane F25 Series is an industrial remote control device from Telecrane. A security vulnerability exists in Telecrane F25 Series versions prior to 00.0A. An attacker could use this vulnerability to view and replay commands to control the device or cause the device to stop functioning...

Telecrane F25 Series

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Telecrane Equipment: F25 Series Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...