Bulletins

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION : Exploitable remotely Vendor : Schneider Electric Equipment : System Monitor Application Vulnerability : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute untrusted code. 3. TECHNICAL DETAILS …

1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : Lantronix Equipment : Provisioning Manager Vulnerability : Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote …

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect …

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP packets. A successful attack will impact the availability …

During establishment of a https connection to the TLS server of a managed device, SICAM TOOLBOX II improperly validates that device’s certificate. This could allow an attacker to execute an on-path network (MitM) attack. Siemens has released a new version for SICAM TOOLBOX II and recommends to update to the …

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Leviton Equipment : AcquiSuite, Energy Monitoring Hub Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would execute in a …

1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : Energy Asset Suite Vulnerabilities : Incomplete List of Disallowed Inputs, Plaintext Storage of a Password, Out-of-bounds Write, Release of Invalid Pointer or Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could …