Read more about the article ICS Advisory: Mitsubishi Electric FA Engineering Software Products

ICS Advisory: Mitsubishi Electric FA Engineering Software Products

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to open a specially crafted project

Continue ReadingICS Advisory: Mitsubishi Electric FA Engineering Software Products
Read more about the article ICS Advisory: PTC KEPServerEx

ICS Advisory: PTC KEPServerEx

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker gaining Windows SYSTEM-level code execution on the service host and may cause the

Continue ReadingICS Advisory: PTC KEPServerEx
Read more about the article ICS Advisory: Yokogawa STARDOM

ICS Advisory: Yokogawa STARDOM

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: STARDOM FCN/FCJ Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a specially crafted packet. 3. TECHNICAL DETAILS 3.1 AFFECTED

Continue ReadingICS Advisory: Yokogawa STARDOM
Read more about the article ICS Advisory: Delta Electronics DOPSoft

ICS Advisory: Delta Electronics DOPSoft

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics products are affected: DOPSoft: All versions 3.2

Continue ReadingICS Advisory: Delta Electronics DOPSoft
Read more about the article CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog

  • Post author:
  • Post category:

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103  ownCloud graphapi Information Disclosure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the

Continue ReadingCISA Adds Two Known Exploited Vulnerabilities to Catalog