Lucene search
K
IcsMost viewed

4251 matches found

ICS
ICS
added 2020/02/25 12:0 a.m.71 views

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G516E series, and EDS-510E series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...

10CVSS8.7AI score0.0272EPSS
Exploits0References5
ICS
ICS
added 2020/02/11 12:0 a.m.71 views

Siemens SIMATIC CP 1543-1

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC CP 1543-1 Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

9.8CVSS10AI score0.57606EPSS
Exploits2References9
ICS
ICS
added 2019/12/12 12:0 a.m.71 views

Omron PLC CJ, CS and NJ Series

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Omron Equipment : PLC CJ, CS and NJ Series Vulnerability : Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

9.8CVSS10AI score0.01307EPSS
Exploits0References5
ICS
ICS
added 2019/09/05 12:0 a.m.71 views

BD Pyxis (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: Pyxis Vulnerability: Session Fixation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-248-01 BD Pyxis...

8.8CVSS8.8AI score0.01288EPSS
Exploits0References5
ICS
ICS
added 2019/08/29 12:0 a.m.71 views

Philips HDI 4000 Ultrasound

1. EXECUTIVE SUMMARY CVSS v3 3.0 ATTENTION: Public exploits are available/exploitable from within the same local subnet Vendor: Philips Equipment: HDI 4000 Ultrasound Systems Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to...

3.6CVSS4.1AI score0.00344EPSS
Exploits0References5
ICS
ICS
added 2018/03/27 12:0 a.m.71 views

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200

CVSS v3 5.9 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Vulnerabilities: Stack-based Buffer Overflow, Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic...

10CVSS10AI score0.03818EPSS
Exploits0References5
ICS
ICS
added 2018/02/01 12:0 a.m.71 views

3S-Smart Software Solutions GmbH CODESYS Web Server

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Web Server Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS All Microsoft Windows also WinCE based CODESYS web servers running stand-alone Version 2.3, o...

9.8CVSS10AI score0.03116EPSS
Exploits0References5
ICS
ICS
added 2017/03/30 12:0 a.m.71 views

Schneider Electric Wonderware InTouch Access Anywhere

CVSS v3 8.8 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: Wonderware InTouch Access Anywhere Vulnerabilities: Cross-Site Request Forgery, Information Exposure, Inadequate Encryption Strength AFFECTED PRODUCTS The following Wonderware InTouch Acce...

9.8CVSS7.9AI score0.02419EPSS
Exploits0References3
ICS
ICS
added 2017/02/07 12:0 a.m.71 views

BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSMA-17-017-02 BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities that was published February 7, 2017, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 4 -------- Researchers at...

5.3CVSS0.7AI score0.01004EPSS
Exploits0References17
ICS
ICS
added 2015/11/27 7:0 a.m.71 views

Kepware Resource Exhaustion Vulnerability

OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified a resource exhaustion vulnerability in the Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform. Kepware Technologies has produced a new version that mitigates this vulnerability. This...

5CVSS6.2AI score0.01384EPSS
Exploits0References10
ICS
ICS
added 2015/09/17 6:0 a.m.72 views

Adcon Telemetry A840 Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified vulnerabilities in Adcon Telemetry’s A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemet...

10CVSS9AI score0.02521EPSS
Exploits0References10
ICS
ICS
added 2013/05/08 6:0 a.m.71 views

Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability

Overview Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has...

6.9CVSS6.7AI score0.00732EPSS
Exploits0References10
ICS
ICS
added 2013/04/05 6:0 a.m.71 views

Monroe Electronics DASDEC Compromised Root SSH Key

OVERVIEW This advisory provides mitigation details for a vulnerability that impacts the Monroe Electronics DASDEC. Mike Davis, a researcher with IOActive, reported a compromised root SSH key vulnerability to CERT Coordination Center CERT/CC. This vulnerability is in Monroe Electronics DASDEC‑I an...

10CVSS9.5AI score0.13446EPSS
Exploits0References10
ICS
ICS
added 2012/09/22 6:0 a.m.71 views

Carlo Gavazzi EOS Box Multiple Vulnerabilities

Overview This advisory provides mitigation details for multiple vulnerabilities that impact the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has identified two vulnerabilities in the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has produced a firmware...

10CVSS7.6AI score0.0139EPSS
Exploits0References10
ICS
ICS
added 2024/03/14 6:0 a.m.70 views

Softing edgeConnector

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION : Low attack complexity Vendor : Softing Equipment : edgeConnector Vulnerabilities : Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions...

8CVSS8AI score0.68611EPSS
Exploits0References10
ICS
ICS
added 2023/12/15 12:0 p.m.70 views

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

Actions to take today to harden your internal environment to mitigate follow-on activity after initial access. 1. Use phishing-resistant multi-factor authentication MFA for all administrative access. 2. Verify the implementation of appropriate hardening measures, and change, remove, or deactivate...

10CVSS9.7AI score0.99999EPSS
Exploits177References133
ICS
ICS
added 2023/07/18 6:0 a.m.70 views

Iagona ScrutisWeb

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous...

10CVSS8.1AI score0.01163EPSS
Exploits0References8
ICS
ICS
added 2023/06/29 6:0 a.m.70 views

Ovarro TBox RTUs

1. EXECUTIVE SUMMARY ​CVSS v3 7.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Ovarro ​Equipment: TBox RTUs ​Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy,...

7.2CVSS7.3AI score0.00698EPSS
Exploits0References8
ICS
ICS
added 2023/05/18 12:0 p.m.70 views

Rockwell Automation FactoryTalk Diagnostics (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerabilities: Deserialization of Untrusted Data 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original...

10CVSS9.9AI score0.05363EPSS
Exploits0References28
ICS
ICS
added 2023/03/14 12:0 a.m.70 views

Siemens SCALANCE Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.4AI score0.03379EPSS
Exploits1References11
ICS
ICS
added 2023/02/27 8:46 p.m.70 views

Mitsubishi Electric MELSOFT iQ AppPortal

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS10AI score0.19008EPSS
Exploits2References4
ICS
ICS
added 2022/11/25 12:0 p.m.70 views

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch FCEB organization where CISA observed suspected advanced persistent threat APT activity. In the course of incident response activities, CISA determined that cyber...

10CVSS10AI score0.99999EPSS
Exploits352References108
ICS
ICS
added 2022/06/28 12:0 a.m.70 views

ABB e-Design

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: e-Design Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Exploitation of these vulnerabilities could allow privilege escalation or a denial-of service condition. 3. TECHNICAL DETAILS 3.1...

7.8CVSS7.1AI score0.00321EPSS
Exploits0References4
ICS
ICS
added 2022/06/21 12:0 a.m.70 views

Phoenix Contact Classic Line Industrial Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...

9.8CVSS10AI score0.03079EPSS
Exploits1References4
ICS
ICS
added 2022/02/22 12:0 a.m.70 views

GE Proficy CIMPLICITY-Cleartext

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Equipment: Proficy CIMPLICITY Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to capture a...

9.8CVSS8.9AI score0.00603EPSS
Exploits0References5
ICS
ICS
added 2021/11/02 12:0 a.m.70 views

Sensormatic Electronics VideoEdge

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: VideoEdge Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

6.9CVSS7.4AI score0.8383EPSS
Exploits6References5
ICS
ICS
added 2021/09/14 12:0 a.m.70 views

Siemens LOGO! CMR and SIMATIC RTU 3000

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! CMR2020, LOGO! CMR2040 and SIMATIC RTU 3000 family Vulnerabilities: Incorrect Calculation of Buffer Size, Improper Certificate Validation 2. RISK EVALUATION Successful...

7.5CVSS8.7AI score0.0197EPSS
Exploits1References5
ICS
ICS
added 2021/09/09 12:0 a.m.70 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Europe B.V. Equipment: smartRTU and INEA ME-RTU Vulnerabilities: OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected...

10CVSS9.9AI score0.5766EPSS
Exploits11References5
ICS
ICS
added 2021/07/13 12:0 a.m.70 views

Siemens Teamcenter Active Workspace

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : Teamcenter Active Workspace Vulnerabilities : Generation of Error Message Containing Sensitive Information, Cross-site Scripting, Exposure of Sensitive Information to an...

6.1CVSS6.4AI score0.00897EPSS
Exploits0References11
ICS
ICS
added 2021/06/24 12:0 a.m.70 views

FATEK Automation WinProladder

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: FATEK Automation Equipment: WinProladder Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS10AI score0.01752EPSS
Exploits0References5
ICS
ICS
added 2021/06/08 12:0 a.m.70 views

Siemens SIMATIC NET CP 443-1 OPC UA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET CP 443-1 OPC UA Vulnerabilities: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect Calculation, Classic Buffer...

9.8CVSS9.4AI score0.17245EPSS
Exploits2References11
ICS
ICS
added 2021/05/25 12:0 a.m.70 views

Datakit Libraries bundled in Luxion KeyShot

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Datakit Equipment: Software libraries embedded in Luxion KeyShot software Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Stack-Based buffer Overflow, Untrusted Pointer...

7.8CVSS7.7AI score0.02203EPSS
Exploits0References5
ICS
ICS
added 2021/04/13 12:0 a.m.70 views

Siemens Solid Edge File Parsing (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Improper Restriction of XML External Entity Reference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

7.8CVSS8.3AI score0.02303EPSS
Exploits0References11
ICS
ICS
added 2020/11/10 12:0 a.m.70 views

Schneider Electric PLC Simulator for EcoStruxure Control Expert

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...

7.5CVSS7.8AI score0.01272EPSS
Exploits0References5
ICS
ICS
added 2020/10/24 12:0 p.m.70 views

APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint cybersecurity advisory is ongoing, and the...

10CVSS9.5AI score0.99999EPSS
Exploits229References90
ICS
ICS
added 2020/09/10 12:0 a.m.70 views

FATEK Automation PLC WinProladder

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: FATEK Automation Equipment: PLC WinProladder Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow...

7.8CVSS8.4AI score0.01299EPSS
Exploits0References6
ICS
ICS
added 2020/06/09 12:0 a.m.70 views

Mitsubishi Electric MELSEC iQ-R Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-02 Mitsubishi...

7.8CVSS7.8AI score0.03336EPSS
Exploits0References5
ICS
ICS
added 2020/04/14 12:0 a.m.70 views

Triangle MicroWorks SCADA Data Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Triangle MicroWorks Equipment : SCADA Data Gateway Vulnerabilities : Stacked-based Buffer Overflow, Out-of-Bounds Read, Type Confusion 2. RISK EVALUATION These vulnerabilities allow remote...

9.8CVSS8.7AI score0.05226EPSS
Exploits0References5
ICS
ICS
added 2020/02/11 12:0 a.m.70 views

Siemens SIMATIC S7-1500 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-042-11 Siemens SIMATIC S7-1500 that was...

7.8CVSS7.6AI score0.01636EPSS
Exploits0References9
ICS
ICS
added 2019/04/30 12:0 a.m.70 views

ICSA-19-120-01_Rockwell Automation CompactLogix 5370

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5370 Vulnerabilities: Uncontrolled Resource Consumption, Stack-based Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to...

9.8CVSS9.2AI score0.09991EPSS
Exploits0References2
ICS
ICS
added 2019/01/17 12:0 a.m.70 views

ControlByWeb X-320M

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ControlByWeb Equipment: X-320M Vulnerabilities: Improper Authentication, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution...

6.8CVSS7.1AI score0.01571EPSS
Exploits1References5
ICS
ICS
added 2018/12/11 12:0 a.m.70 views

Siemens TIM 1531 IRC Modules

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...

10CVSS9.8AI score0.02796EPSS
Exploits0References9
ICS
ICS
added 2018/07/31 12:0 a.m.70 views

Johnson Controls Metasys and BCPro

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION : Exploitable on an adjacent network/low skill level to exploit Vendor : Johnson Controls Equipment : Metasys and BCPro Vulnerability : Information Exposure Through an Error Message 2. RISK EVALUATION Successful exploitation of this vulnerability could...

6.5CVSS6.5AI score0.0078EPSS
Exploits0References5
ICS
ICS
added 2018/01/11 12:0 a.m.71 views

WECON Technology Co., Ltd. LeviStudio HMI Editor

CVSS v3 5.3 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. WECON Equipment: LeviStudio HMI Editor Vulnerabilities: Buffer Overflows AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, are affected:...

7.8CVSS8.5AI score0.02292EPSS
Exploits0References2
ICS
ICS
added 2017/10/26 12:0 a.m.70 views

Rockwell Automation Stratix 5100 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

8.1CVSS8.4AI score0.04575EPSS
Exploits1References4
ICS
ICS
added 2017/10/05 12:0 a.m.70 views

Siemens 7KT PAC1200 Data Manager

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: 7KT PAC1200 data manager Vulnerability: Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of the 7KT...

10CVSS10AI score0.0298EPSS
Exploits0References3
ICS
ICS
added 2017/08/22 12:0 a.m.70 views

General Motors and Shanghai OnStar (SOS) iOS Client

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors GM, Shanghai OnStar SOS Equipment: SOS iOS Client Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication REPOSTED INFORMATION This advisory was originall...

8.8CVSS7.7AI score0.01852EPSS
Exploits0References2
ICS
ICS
added 2017/05/30 12:0 a.m.70 views

Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU

CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Automated Logic Corporation ALC Equipment: ALC WebCTRL, Liebert SiteScan, Carrier i-VU Vulnerability: XML External Entity XXE REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on May 30, 201...

7.5CVSS7.9AI score0.02239EPSS
Exploits0References2
ICS
ICS
added 2017/05/16 12:0 a.m.70 views

Schneider Electric VAMPSET

CVSS v3 5.6 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: VAMPSET Vulnerability: Memory Corruption AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following VAMPSET setting and configuration software products: VAMPSET, versions prior ...

5.5CVSS5.5AI score0.00286EPSS
Exploits0References2
ICS
ICS
added 2017/02/02 12:0 a.m.70 views

Honeywell XL Web II Controller Vulnerabilities

OVERVIEW Independent researcher Maxim Rupp has identified vulnerabilities in Honeywell’s XL Web II controller application. Honeywell has produced a new version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following XL Web II controlle...

9.8CVSS8.7AI score0.02251EPSS
Exploits0References2
Total number of security vulnerabilities4251