Filter
09 December 2016
Vulnerability in Industrial Control software and quality of the patch managementKaspersky Lab ICS-CERT is launching a series of articles devoted to vulnerability analysis across the world. The articles aim to highlight patch management problems in the ICS world. Each article will focus on one popular ICS vendor and known vulnerabilities according to the MITRE Common Vulnerabilities and Exposures (CVE) database.
Filter
Filter
28 June 2019
Critical vulnerability in SICK MSC800 PLCThe vulnerability is caused by the use of hard-coded credentials
28 June 2019
Multiple vulnerabilities in Advantech WebAccess/SCADAThe vulnerabilities could lead to the disclosure of important information, deletion of files and remote code execution
24 June 2019
Vulnerabilities in Phoenix Contact’s Automation Worx Software SuiteSuccessful exploitations of the vulnerabilities could lead to remote execution of arbitrary code
17 June 2019
Critical vulnerabilities in WAGO industrial switchesExploitation of the vulnerabilities could allow a remote compromise of the managed switch, resulting in disruption of communication and root access to the operating system
11 June 2019
Dangerous vulnerabilities identified in Phoenix Contact industrial switches and controllersThe vulnerabilities allow attackers to gain unauthorized access to device configuration, decrypt passwords, cause denial of service, or bypass authentication
11 June 2019
Dangerous vulnerability fixed in Cisco Industrial Network DirectorThe vulnerability could be used by an authenticated, remote attacker to execute arbitrary code on devices running vulnerable software
10 June 2019
Multiple vulnerabilities in Optergy Proton/Enterprise building management systemIf successfully exploited, the vulnerabilities could allow an attacker to execute code remotely and gain full system access
20 May 2019
Critical vulnerabilities identified by Kaspersky Lab have been corrected in Siemens SIMATIC WinCC and SIMATIC PCS 7Multiple vulnerabilities could lead to arbitrary code and command execution on a target system and a denial-of-service condition
15 January 2019
Vulnerabilities in Schneider Electric industrial solutionsCritical and severe vulnerabilities have been identified in GP-Pro EX programming environment, Zelio Soft software and IIoT Monitor platform
14 December 2018
Critical vulnerabilities in Siemens SINUMERIK controllersExploitation of vulnerabilities in Siemens SINUMERIK controllers cold allow remote code execution, privilege escalation and device denial-of-service conditions