ICS Advisory: Schneider Electric IGSS

1. EXECUTIVE SUMMARY

  • CVSS v3 7.8
  • ATTENTION: low attack complexity
  • Vendor: Schneider Electric
  • Equipment: IGSS (Interactive Graphical SCADA System)
  • Vulnerability: Missing Authentication for Critical Function

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow arbitrary code execution or loss of control of the SCADA system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric

ICS Advisory: Advantech WebAccess

1. EXECUTIVE SUMMARY

  • CVSS v3 6.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Advantech
  • Equipment: WebAccess
  • Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor

2. RISK EVALUATION

Successful exploitation of this vulnerability could leak user credentials.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Advantech WebAccess are affected: Advantech WebAccess: Version

ICS Advisory: Hikvision Access Control and Intercom Products

1. EXECUTIVE SUMMARY

  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely
  • Vendor: Hikvision
  • Equipment: Access Control and Intercom Products
  • Vulnerabilities: Session Fixation, Improper Access Control

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in an attacker hijacking a session and gaining device operation permissions or result in an attacker modifying device network configuration by sending specific data packets

ICS Advisory: Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY

  • CVSS v3 9.1
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Mitsubishi Electric Corporation
  • Equipment: MELSEC-F Series
  • Vulnerability: Improper Authentication

2. RISK EVALUATION

Successful exploitation of this vulnerability may allow a remote attacker to obtain sequence programs from the product, or to write malicious sequence programs or improper data in the product, without authentication.

ICS Advisory: Weintek cMT3000 HMI Web CGI

1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Weintek
  • Equipment: cMT3000 HMI Web CGI
  • Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.

3. TECHNICAL DETAILS

3.1
