Tag
#web
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE and RUGGEDCOM Vulnerabilities: Incorrect Authorization, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the "guest" role. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions prior to V3.2 Siemens SCALANCE XCM324 (6GK5324-8TS...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE and RUGGEDCOM Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform actions that exceed the permissions of the "guest" role. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): All versions prior to V3.1 Siemens SCALANCE XCM324 (6GK5324-8TS01-2AC2): All versions prior to V3.1 Siemens SCALANCE XCM328 (6GK5328-4TS01-2AC2): All versions prior to V3.1 Siemens SCALANCE X...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Data Archive Vulnerabilities: Uncaught Exception, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could shut down necessary subsystems and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PI Data Archive, as delivered by PI Server are affected: PI Data Archive: Versions 2018 SP3 Patch 4 and prior (CVE-2025-44019) PI Data Archive: Version 2023 (CVE-2025-44019, CVE-2025-36539) PI Data Archive: Version 2023 Patch 1 (CVE-2025-44019, CVE-2025-36539) PI Server: Versions 2018 SP3 Patch 6 and prior (CVE-2025-44019) PI Server: Version 2023 (CVE-2025-44019, CVE-2025-36539) PI Server: Version 2023 Patch 1 (CVE-2025-44019, CVE-2025-36539) 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCAUGHT EXCEPTION CWE-248 The affected products are vulnerable to an uncaught exception that, if explo...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Energy Services Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Energy Services: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and...
A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simple tips to secure your own.
Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.
The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device.
Waymo driverless taxis capture troves of video footage in order to operate, but the company reveals very little about how much data is stored—and for how long.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.