View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC WS Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: LP30, LP40, LP50, and BM40 Operator Panels Vulnerability: Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Hitron Systems Equipment: DVR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Emerson Equipment: Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command Injection, Improper…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: SystemK Equipment: NVR 504/508/516 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain…