Blog Posts Tagged with "Advisory"

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Rockwell Automation FactoryTalk Vulnerability

January 21, 2012 Added by:Headlines

Multiple vulnerabilities have been with proof-of-concept exploit code affecting Rockwell Automation FactoryTalk, a SCADA/HMI product. The vulnerability is exploitable by sending specially crafted packets to the server. This report was released by Luigi Auriemma...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Schneider Quantum Ethernet Module Vulnerability

January 20, 2012 Added by:Headlines

Researcher Rubén Santamarta previously announced hard-coded credentials in the Schneider Electric Quantum Ethernet Module.Exploitation of these vulnerabilities may allow an attacker to gain elevated privileges, load modified firmware, or perform malicious activities on the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: General Electric D20ME PLC Vulnerability

January 20, 2012 Added by:Headlines

The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Certec EDV GmbH App DoS Vulnerability

January 19, 2012 Added by:Headlines

Independent researcher Luigi Auriemma has identified a denial of service (DoS) vulnerability in Certec EDV GmbH atvise application. Certec has produced an update that resolves this vulnerability. Mr. Auriemma validated that the update resolves the vulnerability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Cogent DataHub Application Vulnerability

January 18, 2012 Added by:Headlines

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability

January 17, 2012 Added by:Headlines

Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Open Automation Software OPC Systems Vulnerability

January 13, 2012 Added by:Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Phishing Campaign Using Spoofed US-CERT Emails

January 11, 2012 Added by:Headlines

US-CERT has received reports of a phishing email campaign that uses spoofed US-CERT email addresses. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 3S Smart Software CoDeSys Vulnerabilities

January 10, 2012 Added by:Headlines

Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Control System Internet Accessibility Advisory

January 09, 2012 Added by:Headlines

The use of readily available and generally free search tools significantly reduces time and resources required to identify Internet facing control systems. In turn, hackers can use these tools to easily identify exposed control systems, posing an increased risk of attack...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerabilities

January 06, 2012 Added by:Headlines

Three vulnerabilities in Invensys Wonderware InBatch exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX

January 05, 2012 Added by:Headlines

Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by:Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 7-Technologies IGSS Data Server Vulnerability

December 21, 2011 Added by:Headlines

"This vulnerability can be exploited by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

HTML Tag Can Cause Windows 7 x64 Blue Screen of Death

December 21, 2011 Added by:Headlines

“The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via a specially crafted web page containing an IFRAME with an overly large height attribute... Successful exploitation may allow execution of arbitrary code with kernel-mode privileges..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerability

December 20, 2011 Added by:Headlines

"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components," the ICS-CERT advisory warns...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »