Improper Input Validation vulnerability has been discovered in Horner Automation's Equipment- Cscape.
Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read
confidential information, and may allow an attacker to remotely execute arbitrary code.
Open Redirect vulnerability has been discovered in Schneider Electric's Equipment- EcoStruxure.
Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to
conduct a phishing attack.
Heap-based Buffer Overflow vulnerability has been discovered in Rockwell Automation's
Equipment- FactoryTalk Services Platform. Successful exploitation of this vulnerability could
allow a remote attacker to diminish communications or cause a complete denial of service to the device.
Multiple vulnerabilities such as Missing Authentication for Critical Function,
Cross-site Scripting have been discovered in ABB's Equipment- GATE-E2.
Successful exploitation of these vulnerabilities could allow unrestricted access
to the administrative telnet/web interface of the device, enabling attackers to
compromise the availability of the device, read or modify registers and settings,
or change the device configuration.
Improper Input Validation vulnerability has been discovered in Advantech's Equipment- WebAccess/SCADA.
Successful exploitation of this vulnerability could cause a stack buffer overflow condition.
Improper Access Control vulnerability has been discovered in 3S-Smart Software Solutions
GmbH's Equipment- CODESYS Control V3 products. Successful exploitation of this vulnerability
could allow unauthorized access and exfiltration of sensitive data including user credentials.
Multiple vulnerabilities such as Use of Insufficiently Random Values, Improper Restriction of Communication Channel
to Intended Endpoints have been discovered in 3S-Smart Software Solutions GmbH's Equipment- CODESYS V3 products.
Successful exploitation of these vulnerabilities could allow a remote attacker to disguise the source of malicious
communication packets and also exploit a random values weakness affecting confidentiality and integrity of data stored
on the device.
Missing Authentication for Critical Function vulnerability has been discovered in Siemens' Equipment- TIM 1531 IRC.
Successful exploitation of this vulnerability could allow an attacker to perform arbitrary administrative operations.
Improper Authentication vulnerability has been discovered in ABB's Equipment- CMS-770.
Successful exploitation of this vulnerability may allow an attacker to read sensitive
configuration files that may lead to code execution on the device.
Improper Authentication vulnerability has been discovered in ABB's Equipment- M2M ETHERNET.
Successful exploitation of this vulnerability could allow an attacker to upload a malicious language file.
Missing Encryption of Sensitive Data vulnerability has been discovered in Medtronic's Equipment- 9790 CareLink Programmer,
2090 CareLink Programmer, 29901 Encore Programmer. Successful exploitation of the vulnerability may allow an attacker with
physical access to an affected programmer to access PHI or PII stored on the device.
Multiple vulnerabilities such as Type Confusion, Stack-based Buffer Overflow have been discovered in Schneider Electric's
Equipment- Eurotherm by Schneider Electric GUIcon. Successful exploitation of these vulnerabilities may allow an attacker to execute code
with privileges within the context of the application.
Improper Input Validation vulnerability has been discovered in Siemens' Equipment- EN100 Ethernet Communication Module
and SIPROTEC 5 relays. Successful exploitation of these vulnerabilities could cause a denial-of-service condition of
the network functionality of the device, compromising the availability of the system.
OS Command Injection vulnerability has been discovered in Geutebrück GmbH's Equipment- E2 Camera Series.
Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root.
Path Traversal vulnerability has been discovered in GE's Equipment- Mark VIe, EX2100e, EX2100e_Reg, and LS2100e.
Successful exploitation of this vulnerability could allow an attacker to access system data, which could result
in escalation of privilege and unauthorized access to the controller.
Improper Access Control vulnerability has been discovered in McAfee's Equipment- SINAMICS PERFECT HARMONY GH180.
These files can be executed to compromise the HMI, and by extension, the drive system.
Multiple vulnerabilities such as Heap-based Buffer Overflow, Integer Overflow or Wraparound,
Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow,
Uncaught Exception have been discovered in Siemens' Equipment- SINUMERIK Controllers.
Successful exploitation of these vulnerabilities could cause denial-of-service conditions, privilege escalation, or allow remote code execution.
Inadequate Encryption Strength vulnerability has been discovered in Philips' Equipment- Philips HealthSuite Health Android App.
Successful exploitation of this vulnerability may allow an attacker with physical access to impact confidentiality and integrity of the product.
XXE vulnerability has been discovered in GE's Equipment- Proficy GDS.
Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an arbitrary file.
Missing Authentication for Critical Function vulnerability has been discovered in Rockwell Automation's Equipment-
MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. Successful exploitation of this
vulnerability could allow an unauthenticated attacker to modify system settings and cause a loss of communication between the device and the system.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Use After Free have been discovered in Omron's Equipment- CX-One.
Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application.
Reflected Cross-site Scripting vulnerability has been discovered in SpiderControl's Equipment- SCADA WebServer.
Successful exploitation of this vulnerability could allow an attacker to execute JavaScript on the victim’s browser.
Multiple vulnerabilities such as Deserialization of Untrusted Data, Heap-based Buffer Overflow have been discovered in INVT Electric's Equipment- VT-Designer.
Successful exploitation of these vulnerabilities could cause the program to crash and may allow remote code execution.
Uncontrolled Search Path Element vulnerability has been discovered in AVEVA Software's Equipment- Vijeo Citect, Citect SCADA.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
Insufficient Verification of Data Authenticity vulnerability has been discovered in Schneider Electric's Equipment- Modicon M221.
Successful exploitation of this vulnerability could cause a change of IPv4 configuration (IP address, mask, and gateway)
when remotely connected to the device.
Stack-based Buffer Overflow vulnerability has been discovered in Teledyne DALSA's Equipment- Sherlock.
Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow
condition may allow remote code execution.
Multiple vulnerabilities such as Path Traversal, Open Redirect have been discovered in Siemens' Equipment- SIMATIC Panels.
Successful exploitation of these vulnerabilities could allow download of arbitrary files from the device, or allow URL redirections to untrusted websites.
Improper Authentication vulnerability has been discovered in Siemens' Equipment- SIMATIC IT Production Suite.
Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and
availability of the system.
Unprotected Storage of Credentials vulnerability has been discovered in Siemens' Equipment- SIMATIC STEP 7 (TIA Portal).
Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords.
Resource Exhaustion vulnerability has been discovered in Siemens' Equipment- SIMATIC S7.
Successful exploitation of this vulnerability could result in a denial-of-service condition that could
result in a loss of availability of the affected device.
Cross-site Scripting vulnerability has been discovered in Siemens' Equipment- SCALANCE S.
If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS).
Code Injection vulnerability has been discovered in Siemens' Equipment- SIMATIC Panels and SIMATIC WinCC.
Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform
an HTTP header injection attack.
Improper Input Validation vulnerability has been discovered in Siemens' Equipment- S7-400 CPUs.
Successful exploitation of these vulnerabilities could crash the device being accessed which may
require a manual reboot or firmware re-image to bring the system back to normal operation.
Improper Access Control vulnerability has been discovered in Siemens' Equipment- IEC 61850 system configurator, DIGSI 5,
DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC. Successful exploitation of this vulnerability could allow a
remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions.
Weak Password Requirements vulnerability has been discovered in Philips' Equipment- iSite and IntelliSpace PACS.
Successful exploitation of this vulnerability may allow an attacker with local network access to impact confidentiality,
integrity, and availability of a component of the system.
Multiple vulnerabilities such as Improper Authentication, OS Command Injection, Unrestricted Upload of File with Dangerous Type,
Improper Access Control have been discovered in Roche Diagnostics' Equipment- Accu-Chek Inform II, CoaguChek Pro II/XS Plus/XS Pro,
cobas h 232 POC handheld medical devices. Successful exploitation of these vulnerabilities could allow an attacker to gain
unauthorized access to modify system settings or execute arbitrary code.
International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow vulnerability in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.
A vulnerability in the ft_font_face_hash function of libgxps could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on a targeted system.
Armis announced the presence of a Remote Code Execution (RCE) or
Denial of Service (DoS) vulnerability in the Bluetooth Low Energy (BLE) Stack on Texas Instruments (TI) chips CC2640 and CC2650.
Improper Restriction of XML External Entity Reference vulnerability has been discovered
in Fr. Sauter AG's Equipment- CASE Suite. Successful exploitation of this vulnerability
could allow an attacker to remotely retrieve unauthorized files from the system.
Multiple vulnerabilities such as Authentication Bypass Using an Alternate Path or Channel,
Insufficiently Protected Credentials have been discovered in Circontrol's Equipment- CirCarLife.
Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials
stored in clear text to bypass authentication, and see and access critical information.
DLL hijacking vulnerability has been discovered in Schneider Electric's Equipment- Software Update (SESU).
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
Stack-based Buffer Overflow, Empty Password in Configuration File vulnerabilities have been
discovered in AVEVA Software's Equipment- InduSoft Web Studio and InTouch Edge HMI.
Successful exploitation of these vulnerabilities could allow an unauthenticated user to remotely execute code.
Improper Privilege Management vulnerability has been discovered in PEPPERL+FUCHS's Equipment- CT50-Ex.
Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges
and obtain access to sensitive information.
Cross-site Scripting vulnerability has been discovered in GEOVAP's Equipment- Reliance 4 SCADA/HMI.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to use an HTTP proxy to
inject arbitrary JavaScript in a specially crafted HTTP request that may reflect it back in the HTTP response.
Multiple vulnerabilities such as Improper Access Control, Stack-based Buffer Overflow have been discovered in Advantech's Equipment- WebAccess.
Successful exploitation of these vulnerabilities could allow for arbitrary remote code execution.
Authentication Bypass by Capture-Replay vulnerability has been discovered in Telecrane's Equipment- F25 Series.
Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,
control the device, or stop the device from running.
Multiple vulnerabilities such as Authentication Bypass by Capture-replay, Improper Access Control, Improper
Authentication have been discovered in GAIN Electronic's Equipment- SAGA1-L series. Successful exploitation
of these vulnerabilities could allow remote code execution and potentially delete the product's firmware.
Multiple vulnerabilities such as Stack-based Buffer Overflow, External Control of File Name or Path, Improper
Privilege Management, Path Traversal have been discovered in Advantech's Equipment- WebAccess.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files
and perform actions at a privileged level, or delete files on the system.
Multiple vulnerabilities such as Improper Restriction of Operations within the Bounds of a Memory Buffer,
Out-of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast have been discovered
in Omron's Equipment- CX-Supervisor. Successful exploitation of these vulnerabilities could allow an
attacker to execute code under the context of the application, corrupt objects, and force the application
to read a value outside of an array.
Multiple vulnerabilities such as Untrusted Pointer Dereference, Out-of-Bounds Read, Integer Overflow to Buffer Overflow, Path Traversal,
Out-of-bounds Write, and Stack-based Buffer Overflow have been discovered in LCDS' Equipment- LAquis SCADA.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, crash the system, or write controlled
content to the target system.
Multiple vulnerabilities such as Out-of-bounds Write, Stack-based Buffer Overflow have been discovered in Delta Electronics' Equipment- Delta Industrial Automation TPEditor.
Successful exploitation of these vulnerabilities could crash the accessed device, resulting in a buffer overflow condition that may allow remote code execution.
Multiple vulnerabilities such as Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials have been discovered in NUUO's Equipment- CMS.
Successful exploitation of these vulnerabilities could result in arbitrary remote code execution.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Leftover Debug Code have been discovered in NUUO's Equipment- NVRmini2, NVRsolo.
Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification.
Unsafe ActiveX Control Marked Safe For Scripting vulnerability has been discovered in GE's Equipment- Gigasoft component of iFix.
Successful exploitation of this vulnerability could cause a buffer overflow condition.
Cryptographic Issues vulnerability has been discovered in Siemens' Equipment- SCALANCE W1750D.
Successful exploitation of this vulnerability could allow an attacker to decrypt TLS traffic.
Multiple vulnerabilities such as Predictable From Observable State, Hidden Functionality, Missing Encryption of Sensitive Data have been discovered in Hangzhou's Equipment- XMeye P2P Cloud Server.
Successful exploitation of these vulnerabilities could allow unauthorized access to video feeds with the potential to modify settings, replace firmware, and/or execute code.
Denial of Service from improper input validation vulnerability has been discovered in Siemens' Equipment- SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller.
An attacker with network access to the PLC may be able to cause a denial-of-service condition on the network stack.
Uncontrolled Search Path Element vulnerability has been discovered in Fuji Electric's Equipment- Fuji Electric Energy Savings Estimator.
Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected system with
the same privileges as the application that loaded the malicious DLL.
CSRF vulnerability has been discovered in Siemens' Equipment- SIMATIC S7-1200 CPU Family Version 4.
Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is tricked into accessing a malicious link.
Improper Privilege Management vulnerability has been discovered in Siemens' Equipment- ROX II.
Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and execute arbitrary commands.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-Bounds Write, Information Exposure Through XML External Entity Reference,
Out-of-Bounds Read have been discovered in WECON's Equipment- PI Studio. Successful exploitation of these vulnerabilities may allow remote
code execution, execution of code in the context of an administrator, read past the end of an allocated object or allow an attacker to disclose
sensitive information under the context of administrator.
Information Exposure Through an Error Message vulnerability has been discovered in Change Healthcare's Equipment- PeerVue Web Server.
Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the PeerVue Web Server,
allowing an attacker to target a system for attack.
Information Exposure Through an Error Message vulnerability has been discovered in Carestream's Equipment- Carestream Vue RIS.
An attacker with access to the network of the affected system can passively read traffic.
Multiple vulnerabilities such as Improper Authentication, Information Exposure Through Query Strings in GET Request have been discovered in Delta Electronics' Equipment- EMG 12.
Successful exploitation of these vulnerabilities may allow attackers to gain unauthorized access and could allow the ability to change device configuration and settings.
Heap-based Buffer Overflow vulnerability has been discovered in GE's Equipment- Communicator.
Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition.
Stack-based Buffer Overflow vulnerability has been discovered in Delta Electronics' Equipment- ISPSoft.
Successful exploitation of this vulnerability could allow an attacker to execute code under the context of the application.
Multiple vulnerabilities such as Buffer Over-read, Out-of-Bounds Read, Stack-based Buffer Overflow have been discovered in Fuji Electric's Equipment- FRENIC Loader, FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace.
Successful exploitation of these vulnerabilities could allow for arbitrary remote code execution affecting the availability of the device.
Out-of-Bounds Read vulnerability has been discovered in Delta Electronics' Equipment- Delta Industrial Automation PMSoft.
Successful exploitation of this vulnerability could allow an attacker to read confidential information.
Multiple vulnerabilities such as Classic Buffer Overflow, Heap-based Buffer Overflow have been discovered in Fuji Electric's Equipment- Alpha5 Smart Loader.
Successful exploitation of these vulnerabilities could allow for arbitrary remote code execution on the device.
Stack-based Buffer Overflow vulnerability has been discovered in Emerson's Equipment- AMS Device Manager.
Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow,
Resource Exhaustion have been discovered in Rockwell Automation's Equipment- RSLinx Classic.
Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device.
Missing Authentication for Critical Function vulnerability has been discovered in Tec4Data's Equipment- SmartCooler.
Successful exploitation of this vulnerability could cause the device to shut down by exploiting missing authentication for a critical function.
Stack-based Buffer Overflow vulnerability has been discovered in WECON's Equipment- PLC Editor.
Successful exploitation of this vulnerability could result in unauthorized code execution within the current process.
Improper Privilege Management vulnerability has been discovered in Honeywell's Equipment- Mobile Computers.
A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile
computers running the Android Operating System (OS) could allow a malicious third-party application to gain elevated privileges.
Multiple vulnerabilities such as Use-After-Free, Untrusted Pointer Dereference,
Heap-based Buffer Overflow, Out-of-Bounds Write, Integer Underflow, Out-of-Bounds Read,
and Stack-based Buffer Overflow have been discovered in Fuji Electric's Equipment- V-Server.
Successful exploitation of these vulnerabilities could allow for remote code execution on the device,
causing a denial of service condition or information exposure.
Classic Buffer Overflow vulnerability has been discovered in Fuji Electric's V-Server Lite Equipment.
Successful exploitation of this vulnerability could allow a remote attacker to view sensitive information and disrupt the availability of the device.
Improper Input Validation vulnerability has been discovered in Siemens' SCALANCE X Switches Equipment.
Successful exploitation of this vulnerability could allow an attacker with network access to the device to cause a denial-of-service condition.
Improper Access Control vulnerability has been discovered in Siemens' SIMATIC WinCC OA Equipment.
Successful exploitation of this vulnerability could allow an unauthenticated remote user to escalate their privileges in the context of the program.
Uncontrolled Search Path Element vulnerability has been discovered in Siemens' TD Keypad Designer Equipment.
Successful exploitation of this vulnerability could allow a local low-privileged attacker to escalate their privileges.
Multiple vulnerabilities such as Improper Authentication, Unprotected Storage of Credentials have been discovered in
Ice Qube's Equipment- Thermal Management Center. Successful exploitation of these vulnerabilities could allow an
attacker to gain unauthorized access to configuration files or obtain sensitive information.
Stack-based Buffer Overflow vulnerability has been discovered in
Opto22's Equipment- PAC Control Basic and PAC Control Professional.
Successful exploitation of this vulnerability could crash the device
being accessed, and a buffer overflow condition may then allow remote code execution.
Multiple vulnerabilities such as Improper Input Validation, Cross-site Scripting,
Information Exposure, Incorrect Default Permissions, Cleartext Transmission of
Sensitive Information, Cross-site Request Forgery, Session Fixation, Resource Exhaustion,
Use of Hard-coded Credentials have been discovered in Philips' Equipment- Philips e-Alert Unit.
Successful exploitation from an attacker within the same subnet may impact or compromise user contact details, unit integrity, and/or unit availability.
Code Weakness vulnerability has been discovered in Qualcomm Life's Equipment- Capsule Datacaptor Terminal Server (DTS).
Successful exploitation of this vulnerability could allow an attacker to execute unauthorized code to obtain administrator-level privileges on the device.
Cross-site Scripting vulnerability has been discovered in Schneider Electric's Equipment- PowerLogic PM5560.
Successful exploitation of this vulnerability could allow user input to be manipulated, allowing for remote code execution.
Improper Authentication vulnerability has been discovered in ABB's eSOMS Equipment.
Successful exploitation of this vulnerability requires an attacker to discover a valid user account,
which could be used to gain access to the application without authentication.
Improper Authentication vulnerability has been discovered in BD's Equipment- Alaris GS, Alaris GH, Alaris CC, Alaris TIVA.
Successful exploitation of this vulnerability may allow a remote attacker to gain unauthorized access to various Alaris
Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.
Resource Exhaustion vulnerability has been discovered in Philips' Equipment- Philips IntelliVue Information Center iX.
Successful exploitation of this vulnerability may result in a denial of service: the operating system will become unresponsive
due to the network attack, which will affect the application's ability to meet the intended use.
Stack-based Buffer Overflow vulnerability has been discovered in Yokogawa's Equipment- iDefine, STARDOM, ASTPLANNER, and TriFellows.
Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function.
Multiple vulnerabilities such as Improper Input Validation, Use of Hard Coded Credentials have been discovered in
Philips' Equipment- PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs. Successful exploitation of these vulnerabilities
could allow buffer overflows, or allow an attacker to access and modify settings on the device.
Multiple vulnerabilities such as Uncontrolled Search Path Element, Relative Path Traversal, Improper Privilege Management,
Stack-Based Buffer Overflow have been discovered in Emerson's Equipment- DeltaV DCS Workstations. Successful exploitation
of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations.
Multiple vulnerabilities such as Path Traversal, Improper Authentication have been discovered in
Tridium's Equipment- Niagara. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.
Multiple vulnerabilities such as Improper Privilege Management, Unquoted Search Path or Element have been discovered in
Philips' Equipment- Philips’ IntelliSpace Cardiovascular (ISCV) products. Successful exploitation of these vulnerabilities could
allow an attacker with local access and user privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server and execute arbitrary code.
Incorrect Default Permissions vulnerability has been discovered in
Siemens' Equipment. Successful exploitation of these vulnerabilities may allow
an attacker with local file write access to manipulate files and cause a denial-of-service condition,
or execute code both on the manipulated installation as well as devices configured using the manipulated installation.
Cleartext Transmission of Sensitive Information vulnerability has been discovered in
Siemens' Industrial Products Equipment. Successful exploitation of this vulnerability
could result in unencrypted data being transmitted by the SSL/TLS record layer.
Multiple vulnerabilities such as Relative Path Traversal, Improper Input Validation have been discovered in
Siemens' Equipment- Automation License Manager. Successful exploitation of these vulnerabilities could allow
remote code execution or allow an attacker to determine port status on another remote system.
Multiple vulnerabilities such as OS Command Injections, Improper Access Control, Insufficiently Protected Credentials have been discovered in
Crestron's Equipment- TSW-X60 and MC3. Successful exploitation of these vulnerabilities may allow remote code execution with escalated system privileges.
Multiple vulnerabilities such as Information Exposure, Cross-site Request Forgery, Cross-site Scripting, Information Exposure through Directory Listing have been discovered in NetComm Wireless' Equipment- 4G LTE Light Industrial M2M Router.
Successful exploitation of these vulnerabilities could allow for the exposure of sensitive information.
Multiple vulnerabilities such as Insufficient Verification of Data Authenticity, Storing Passwords in a Recoverable Format have been discovered in
Medtronic's Equipment- MyCareLink Patient Monitor. Successful exploitation of these vulnerabilities may allow an attacker with physical access
to obtain per-product credentials that are utilized to authenticate data uploads and encrypt data at rest.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Out-of-Bounds Read have been discovered in
Delta Electronics' Equipment- CNCSoft and ScreenEditor. Successful exploitation of these vulnerabilities could allow an attacker to gain remote code execution with administrator privileges.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow have been discovered in
WECON's Equipment- LeviStudioU. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code.
Information Exposure Through an Error Message vulnerability has been discovered in
Johnson Controls' Equipment- Metasys and BCPro.
Successful exploitation of this vulnerability could allow an attacker to
obtain technical information about the Metasys or BCPro server, allowing an attacker to target a system for attack.
Use of Password Hash With Insufficient Computational Effort vulnerability has been discovered in
Davolink's Equipment- DVW-3200N. Successful exploitation of this vulnerability may result in a
remote attacker obtaining the password to the device.
Stack-based Buffer Overflow vulnerability has been discovered in
AVEVA's Equipment- InduSoft Web Studio and InTouch Machine Edition.
The listed products are vulnerable only if the TCP/IP Server Task is enabled.
A remote attacker could send a carefully crafted packet during a tag, alarm,
or event related action such as read and write, which may allow remote code execution.
Multiple vulnerabilities such as Information Exposure, Authentication Bypass Using an Alternate Path
or Channel, Unprotected Storage of Credentials, Cleartext Transmission of Sensitive Information have been discovered in
Echelon's Equipment- SmartServer 1, SmartServer 2, i.LON 100, i.LON 600.
Successful exploitation of these vulnerabilities could allow for remote code execution on the device.
Resource Exhaustion vulnerability has been discovered in
Moxa's Equipment- NPort 5210, 5230, 5232.
Successful exploitation of this vulnerability could allow a
remote attacker to send TCP SYN packets, causing a resource
exhaustion condition that would cause the device to become unavailable.
Improper Input Validation has been discovered in
ABB's Equipment- Panel Builder 800.
An attacker could exploit the vulnerability by tricking
a user into opening a specially crafted file, allowing the attacker
to insert and run arbitrary code. This vulnerability requires
user interaction, and the exploit is only triggered when a
local user runs the affected product and loads the specially crafted file.
Multiple vulnerabilities such as Cross-site Scripting, Unrestricted
Upload of File with Dangerous Type, and Incorrect Permissions for Critical Resource have been discovered in
WAGO's Equipment- e!DISPLAY Web-Based-Management (WBM).
Successful exploitation of these vulnerabilities could allow an attacker
to execute code in the context of the user, execute code within the user’s
browser, place malicious files within the filesystem, and replace existing files to allow privilege escalation.
Improper Authentication vulnerability has been discovered in
VisuNet RM, VisuNet PC, Box Thin Client (BTC).
Successful exploitation of this vulnerability could allow attackers
to intercept sensitive communications, establish a man-in-the-middle
attack, achieve administrator privileges, and execute remote code.
Stack-based Buffer Overflow vulnerability has been discovered in
Eaton's Equipment- 9000X Drive. Successful exploitation of this vulnerability may allow remote code execution.
Multiple vulnerabilities such as Incorrect Default Permissions, XXE, Resource Exhaustion have been discovered in
SEL's Equipment- Compass and AcSELerator Architect. Successful exploitation of these vulnerabilities could allow
modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service.
Multiple vulnerabilities such as Use of Hard-coded Credentials, Missing Authentication for Critical Function have been discovered in
Universal Robots' Equipment- Robot Controllers. Successful exploitation of these vulnerabilities could allow a remote attacker to run
arbitrary code on the device.
Improper Input Validation, Improper Certificate Validation and Resource Management Errors vulnerabilities
have been discovered in Rockwell Automation's Equipment- Allen-Bradley Stratix 5950.
Successful exploitation of these vulnerabilities could allow an attacker to bypass client certification
to create connections to the affected device or cause the device to crash.
Use of Hard-coded Password and Exposed Dangerous Method or Function vulnerabilities
have been discovered in Medtronic's Equipment- MyCareLink Patient Monitor.
If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system.
Improper Input Validation vulnerability has been discovered in
Rockwell Automation's Equipment- Allen-Bradley CompactLogix
and Compact GuardLogix. Successful exploitation of this vulnerability
could result in a denial-of-service condition.
Stack-based Buffer Overflow vulnerability has been discovered in
Delta Electronics' Equipment- Delta Industrial Automation COMMGR.
Successful exploitation of this vulnerability may allow remote code
execution, cause the application to crash, or cause a denial-of-service
condition in the application server.
Multiple vulnerabilities such as Stack-Based Buffer Overflow, Out-of-Bounds Read
have been discovered in Natus Xltek NeuroWorks software. Successful exploitation
of these vulnerabilities requires access to the Natus customer network, and could
crash the device being accessed; a buffer overflow condition may allow remote code execution.
Permissions, Privileges, and Access Controls vulnerability in Siemens'
Equipment- SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C.
By sending a specially-crafted DHCP response to a client’s DHCP request, an unprivileged remote attacker could execute arbitrary code.
Multiple vulnerabilities such as Command Injection, Cross-site Scripting, and Improper Input Validation
have been discovered in Schneider Electric's Equipment- U.motion Builder.
Successful exploitation of these vulnerabilities could allow remote code execution.
Cross-site Scripting vulnerability has been discovered in
Siemens' Equipment- SCALANCE X switches.
Successful exploitation of these cross-site scripting vulnerabilities
could allow an attacker to store script code on the website and execute
cross-site scripting (XSS), affecting the website’s confidentiality, integrity, and availability.
Unquoted Search Path or Element vulnerability has been discovered in
Rockwell Automation Equipment- RSLinx Classic and FactoryTalk Linx Gateway.
Successful exploitation of this vulnerability could allow an authorized,
but non-privileged local user to execute arbitrary code and allow a threat
actor to escalate user privileges on the affected workstation.
Multiple vulnerabilities such as Improper Authentication, Information Exposure, Stack-based Buffer Overflow
have been discovered in Philips' Equipment- IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors.
Successful exploitation may allow an attacker to read/write memory, and/or induce a denial of service through
a system restart, thus potentially leading to a delay in diagnosis and treatment of patients.
Multiple vulnerabilities such as Improper Authentication, Cross-site Request Forgery,
Unprotected Storage of Credentials have been discovered in ABB's Equipment- IP Gateway.
Successful exploitation of these vulnerabilities could allow attackers to perform actions using administrative privileges.
Multiple vulnerabilities such as Out-of-bounds Read, Heap-based Buffer Overflow, Stack-based Buffer Overflow have been discovered in
Delta Electronics' Equipment- Delta Industrial Automation DOPSoft. Successful exploitation of these vulnerabilities could allow a remote
attacker to read sensitive information, execute arbitrary code, and/or crash the application.
Multiple vulnerabilities such as Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal
have been discovered in GE's Equipment- MDS PulseNET and MDS PulseNET Enterprise. Exploitation of these vulnerabilities may allow
elevation of privilege and exfiltration of information on the host platform.
Hard-coded Credentials vulnerability has been discovered in Yokogawa's Equipment- STARDOM Controllers.
Successful exploitation of this vulnerability could allow an attacker to gain access to the affected device,
which could result in remote code execution.
Multiple vulnerabilities such as Improper Access Control, Insufficiently Protected Credentials
and Unprotected Storage of Credentials have been discovered in BeaconMedaes Equipment-
TotalAlert Scroll Medical Air Systems web application. Successful exploitation of these vulnerabilities
could allow an attacker to view and potentially modify some device information and web application setup information.
Multiple vulnerabilities such as Heap-based Buffer Overflow,
Improper Restriction of Operations within the Bounds of a Memory Buffer
and Open Redirect have been discovered in Schneider Electric's Equipment-
Floating License Manager. Successful exploitation of these vulnerabilities could
cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.
Product UI does not Warn User of Unsafe Actions vulnerability has been discovered in BD Kiestra and InoqulA systems.
Successful exploitation of this vulnerability may lead to loss or corruption of data.
Multiple vulnerabilities such as Missing Authentication for Critical Function, Resource Exhaustion and
Cross-Site Scripting have been discovered in Martem's TELEM-GW6/GWM. Successful exploitation of these
vulnerabilities could allow execution of unauthorized industrial process control commands, denial of service, or client-side code execution.
Missing Encryption of Sensitive Data vulnerability has been discovered in Medtronic N'Vision Clinician Programmer.
Successful exploitation of this vulnerability may allow an attacker with physical access to an 8870 N’Vision Compact Flash card to access information.
Vulnerability in PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi has been discovered.
Successful exploitation of this vulnerability could cause the device to reboot and change its state, causing the device to become unavailable.
Multiple vulnerabilities such as Command Injection, Information Exposure,
Stack-based Buffer Overflow have been discovered in PHOENIX CONTACT's FL SWITCH 3xxx/4xxx/48xx Series.
Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure.
Improper Input Validation vulnerability has been discovered in Siemens' SINAMIC S7-400 CPU.
Successful exploitation of this vulnerability could cause a denial-of-service condition of the CPU.
The CPU will remain in DEFECT mode until a manual restart is performed.
Heap-based Buffer Overflow vulnerability has been discovered in Delta Electronics' Equipment - Delta Industrial Automation TPEditor.
Successful exploitation of this vulnerability could crash the accessed device,
resulting in a buffer overflow condition that may allow remote code execution.
Multiple vulnerabilities such as SQL Injection, Improper Authorization, Path Traversal,
Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference,
Improper Privilege Management, and External Control of File Name or Path have been discovered
in Advantech's WebAccess. Successful exploitation of these vulnerabilities could allow an attacker
to disclose sensitive information from the host and/or target, execute arbitrary code, or delete files.
Multiple vulnerabilities such as Execution with Unnecessary Privileges, Exposure of Resource to Wrong Sphere and
Use of Hard-coded Credentials have been discovered in Philips Brilliance CT Scanners. Successful exploitation of
these vulnerabilities may allow an attacker to attain elevated privileges and access unauthorized system resources,
including access to execute software or to view/update files including patient health information (PHI), directories,
or system configuration.
Multiple vulnerabilities such as Improper Input Validation and Stack-based Buffer Overflow have been discovered in Lantech IDS 2102.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the system through crafting malicious input.
Multiple Stack-Based Buffer Overflow vulnerabilities have been discovered in Delta Electronics PMSoft.
Successful exploitation of these vulnerabilities could cause the application to crash; stack-based
buffer overflow conditions may allow arbitrary code execution.
Stack-based Buffer Overflow Vulnerability has been discovered in WECON's Equipment -
LeviStudio HMI Editor, and PI Studio HMI Project Programmer.
Successful exploitation of these vulnerabilities could allow remote code execution.
Reusing a Nonce Vulnerability has been discovered in Certain BD Pyxis Products.
Successful exploitation of this vulnerability could allow data traffic manipulation,
resulting in partial disclosure of encrypted communication or injection of data.
Vulnerabilities such as OS Command Injection and Cleartext Transmission of Sensitive Information have been discovered in Vecna's VGo Robot.
Successful exploitation of these vulnerabilities could allow an attacker to capture firmware updates through network traffic and could
allow remote code execution on the VGo Robot, a mobile robotic assistant.
Buffer Overflow Vulnerability has been discovered in Intel 2G Modem.
Successful exploitation of this buffer overflow vulnerability may allow remote code execution.
Vulnerabilities such as Heap-based Buffer Overflow, Double Free, Out-of-bounds Write have been discovered in Advantech WebAccess HMI Designer.
Successful exploitation of these vulnerabilities may allow an attacker to remotely execute arbitrary code.
File and Directory Information Exposure Vulnerability has been discovered in Siemens SIMATIC WinCC OA Operator IOS App.
Successful exploitation of this vulnerability could allow an attacker with physical access to read sensitive data located in the app’s directory.
Multiple vulnerabilities such as Improper Authentication and Improper Restriction of
Power Consumption have been discovered in Abbott Laboratories' Implantable Cardioverter
Defibrillator (ICD) and Cardiac Synchronization Therapy Defibrillator.
Successful exploitation of these vulnerabilities may allow a nearby attacker to
gain unauthorized access to an ICD to issue commands, change settings, or otherwise
interfere with the intended function of the ICD.
Stack-based Buffer Overflow Vulnerability has been discovered in Schneider Electric Software's Equipment - InduSoft Web Studio and InTouch Machine Edition.
Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution that, under high privileges,
could completely compromise the device.
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability has been
discovered in Schneider Electric's Triconex Tricon, model 3008. Successful exploitation of
these vulnerabilities could misinform or control the Safety Instrumented System which could
result in arbitrary code execution, system shutdown, or the compromise of safety systems.
Vulnerabilities such as Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Use of Externally-Controlled Format String have been discovered in Allen-Bradley Stratix 5900 Services Router.
Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or
integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.
Vulnerabilities such as Improper Input Validation, Resource Management Errors, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Use of Externally-Controlled Format String have been discovered in Allen-Bradley Stratix and ArmorStratix Switches.
Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity
caused by memory exhaustion, module restart, information corruption, and/or information exposure.
Vulnerabilities such as Improper Input Validation, Resource Management Errors, 7PK – Errors, Improper Restriction of Operations within the Bounds of a Memory Buffer,
Use of Externally-Controlled Format String have been discovered in Allen-Bradley Stratix Industrial Managed Ethernet Switch. Successful exploitation of these
vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption,
and/or information exposure.
Permission, Privilege, and Access Control vulnerability has been discovered in certain Yokogawa CENTUM series, Exaopc, B/M9000 CS and B/M9000 VP products.
Successful exploitation of this vulnerability may allow a local attacker to generate false system or process alarms, or block system or process alarm displays.
Multiple vulnerabilities such as Improper Authentication and Missing Encryption of Sensitive Data have been discovered in
ATI Emergency Mass Notification Systems. Successful exploitation of these vulnerabilities could trigger false alarms.
Multiple vulnerabilities such as Stack-based Buffer Overflow, Heap-based Buffer Overflow and Type Confusion have been discovered in
Omron CX-One. Successful exploitation of these vulnerabilities could allow remote code execution.
Multiple improper authentication vulnerabilities have been discovered in Rockwell MicroLogix Controller. Successful exploitation of these vulnerabilities may
cause denial of service, disclosure of sensitive information, communication loss, modification of settings or ladder logic.
Improper Check or Handling of Exceptional Conditions vulnerability has been found in LAquis SCADA software versions 4.1.0.3391 and prior.
Successful exploitation of this vulnerability can cause the device to crash, resulting in a structured exception handler overflow condition,
which may allow code execution.
Multiple vulnerabilities have been identified in Siemens Building Technologies Products. Successful exploitation of these vulnerabilities may allow
arbitrary code execution, NTLM-relay attacks, remote code execution, denial of service, or increased attack surface.
Philips iSite and IntelliSpace PACS contain security vulnerabilities, predominantly in third-party components.
If exploited, these vulnerabilities could impact or compromise patient confidentiality, system integrity, and/or system availability.
Successful exploitation of this vulnerability could allow a denial-of-service condition affecting the ability
of the device to establish connections to commissioning and service software tools.
Improper Input Validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to cause
a denial-of-service condition on the remote and local communication functionality of the affected products.
A system reboot is required to recover.
Stack-based Buffer Overflow, Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic Algorithm vulnerabilities.
Successful exploitation of these vulnerabilities could allow a remote unauthorized attacker access to the file transfer service
on the device, which could result in arbitrary code execution or malicious firmware installation.
Untrusted Pointer Dereference vulnerability in Beckhoff TwinCAT. Successful exploitation of
this vulnerability could allow local attackers to escalate privileges.
Improper Access Control vulnerability in Siemens SIMATIC WinCC OA UI Mobile App.
This vulnerability could be exploited by an attacker who tricks an app user into
connecting to a malicious WinCC OA server. Successful exploitation of this vulnerability
could allow an attacker to read and write data from and to the app’s project cache folder.
Multiple vulnerabilities in Geutebruck IP Cameras. Successful exploitation of these vulnerabilities
could lead to proxy network scans, access to a database, adding an unauthorized user to the system,
full configuration download including passwords, and remote code execution.
Improper Input Validation vulnerability in Siemens SIMATIC, SINUMERIK, and PROFINET IO.
Successful exploitation of this vulnerability could result in a denial-of-service condition
requiring a manual restart to recover the system.
The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues
that may result in denial of service, information disclosure, or remote code execution.
GE D60 Line Distance Relay Vulnerabilities. Successful exploitation of these vulnerabilities
could allow a remote attacker to execute arbitrary code on the device.
Nortek Linear eMerge E3 Series Command Injection Vulnerability.
Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with
elevated privileges, allowing for full control of the server.
Adobe has released security updates for Adobe Experience Manager.
These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate,
and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important.
Microsoft has released updates to address vulnerabilities in Microsoft software.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Schneider Electric IGSS SCADA Software Security Misconfiguration vulnerability.
Successful exploitation of this vulnerability could cause the device the attacker
is accessing to crash or execute arbitrary code.
WAGO PFC200 Series Improper Authentication vulnerability. Successful exploitation of this vulnerability could
allow a remote attacker unauthorized access to the PLC to perform operations on the file system without authentication.
Cisco has released several updates to address vulnerabilities affecting multiple products.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
An uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application.
Successful exploitation of this vulnerability may allow an attacker to insert a malicious DLL on the target system and run arbitrary code.
February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and
positive use of digital technology for all users, especially children and teens.
A vulnerability was reported in Squid. A remote user can cause denial of service conditions on the target system. Remediation: Ubuntu has issued a fix.
A vulnerability was reported in Apache Tomcat.
A remote user can execute arbitrary code on the target system. Red Hat JBoss is affected. Remediation: Ubuntu has issued a fix.
Fuji Electric Stack-based Buffer Overflow vulnerability.
Successful exploitation of this vulnerability could allow a
remote attacker to view sensitive information and disrupt the availability of the device.
3S-Smart Software Solutions GmbH Stack-based Buffer Overflow vulnerability.
Successful exploitation of this vulnerability could cause the device
to crash, resulting in a buffer overflow condition that may allow remote code execution.
Gemalto Sentinel License Manager Null Pointer Dereference, Buffer Overflows, Improper Access Control vulnerability.
Successful exploitation of these vulnerabilities could lead to remote code execution or cause a denial-of-service
condition, rendering the Sentinel LDK License Manager service unavailable.
Multiple vulnerabilities were reported in Mozilla Firefox.
A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can bypass security controls on the target system.
A remote user can spoof URLs. Mozilla Thunderbird is affected. Remediation: Red Hat has issued a fix.
Two vulnerabilities were reported in ASUS Routers.
A remote user can conduct cross-site request forgery attacks.
A remote user can conduct cross-site scripting attacks.
Cisco has released software updates to address a vulnerability in its IOS XR Software
Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series.
Mozilla has released a security update to address a vulnerability in Firefox.
Exploitation of this vulnerability may allow an attacker to take control of an affected system.
Siemens TeleControl Server Basic vulnerability. Successful exploitation of these vulnerabilities
could allow for escalation of privileges to perform administrative actions.
PHOENIX CONTACT Improper Validation of Integrity Check Value vulnerability.
Successful exploitation of this vulnerability could allow for an attacker to modify firmware update packages.
Cisco has released a security update to address a vulnerability in its Adaptive Security
Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Google has released Chrome version 64.0.3282.119 for Windows, Mac, and Linux.
This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products.
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System (ENOS) firmware.
An attacker could exploit this vulnerability to obtain sensitive information.
A major security flaw has been detected in computer chips manufactured by major
OEMs over the last two decades. The security flaws are named "Meltdown" and "Spectre".
They allow an attacker to gain access to protected data in computer memory.
The United Kingdom's National Cyber Security Centre (NCSC) has released a report updating its guidance on
Turla Neuron malware, which provides a platform to steal sensitive data.
Cisco has released security updates to address vulnerabilities affecting multiple products.
An attacker could exploit one of these vulnerabilities to take control of an affected system.
Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities
across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information.
The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities
in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND).
A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Juniper Networks has released security updates to address vulnerabilities affecting multiple products.
An attacker could exploit some of these vulnerabilities to take control of an affected system.
VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion.
An attacker could exploit these vulnerabilities to take control of an affected system.
VMware has released security updates to address a vulnerability in multiple products.
An attacker could exploit this vulnerability to obtain access to sensitive information.
A vulnerability in ASP.NET Core could allow an unauthenticated, remote attacker
to conduct a Cross-Site Request Forgery (CSRF) attack on a targeted system.
Microsoft has released updates to address vulnerabilities in Microsoft software.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address a vulnerability in Flash Player.
A remote attacker could exploit this vulnerability to obtain sensitive information.
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities.
An attacker could exploit one of these vulnerabilities to take control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products.
An attacker could exploit these vulnerabilities to obtain access to sensitive information.
VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon,
vRealize Operations for Published Applications, Workstation, Horizon View Client, and Tools.
A remote attacker could exploit these vulnerabilities to take control of an affected system.
Multiple vulnerabilities were reported in Microsoft Edge. A remote user can cause arbitrary code to be
executed on the target user's system. A remote user can bypass cross-domain security controls on the target
system. A remote user can obtain potentially sensitive information on the target system.
Advantech has released WebAccess Version 8.3 to address the reported vulnerabilities.
Successful exploitation of these vulnerabilities could cause the device to crash. An attacker may be able to further exploit this condition to
remotely execute arbitrary code or bypass authentication.
Delta Electronics recommends that affected users update to the latest version.
Successful exploitation of these vulnerabilities may allow an attacker to remotely execute arbitrary code.
Mozilla has released a security update to address a vulnerability in Firefox.
An attacker could exploit this vulnerability to obtain access to sensitive information.
A set of security vulnerabilities, known as Meltdown and Spectre, affects modern computer processors.
Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.