ICS Advisory: Rockwell Automation LP30/40/50 and BM40 Operator Interface


1. EXECUTIVE SUMMARY

  • CVSS v3 8.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: LP30, LP40, LP50, and BM40 Operator Panels
  • Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow, Untrusted Pointer Dereference

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an authenticated attacker to use specifically


ICS Advisory: Rockwell Automation FactoryTalk Service Platform


1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: FactoryTalk Service Platform
  • Vulnerability: Improper Verification of Cryptographic Signature

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to retrieve user information and modify settings without any authentication.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The


ICS Advisory: Rockwell Automation ControlLogix and GuardLogix


1. EXECUTIVE SUMMARY

  • CVSS v3 8.6
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Rockwell Automation
  • Equipment: ControlLogix, GuardLogix
  • Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to crash the device by exploiting a Denial-of-Service (DoS) vulnerability.

3. TECHNICAL DETAILS


ICS Advisory: Hitron Systems Security Camera DVR


1. EXECUTIVE SUMMARY

  • CVSS v3 8.1
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
  • Vendor: Hitron Systems
  • Equipment: DVR
  • Vulnerability: Improper Input Validation

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to affect the availability of the product through exploitation of an improper input validation vulnerability and


ICS Advisory: Mitsubishi Electric MELSEC WS Series Ethernet Interface Module


1. EXECUTIVE SUMMARY

  • CVSS v3 5.9
  • ATTENTION: Exploitable remotely
  • Vendor: Mitsubishi Electric
  • Equipment: MELSEC WS Series
  • Vulnerability: Authentication Bypass by Capture-replay

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthorized attacker to log in to the modules and disclose or tamper with the programs and parameters in the modules.

3. TECHNICAL
