View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: ALBEDO Telecom Equipment: Net.Time – PTP/NTP clock Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 3. TECHNICAL DETAILS 3.1…

READ MORE →

CISA released seven Industrial Control Systems (ICS) advisories on April 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-114-01 Schneider Electric Modicon Controllers ICSA-25-114-02 ALBEDO Telecom Net.Time – PTP/NTP Clock ICSA-25-114-03 Vestel AC Charger ICSA-25-114-04 Nice Linear eMerge E3 ICSA-25-114-05 Johnson Controls ICU ICSA-25-114-06 Planet Technology Network…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vestel Equipment: AC Charger Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to sensitive information, such as credentials which could subsequently enable them to cause…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Planet Technology Equipment: Planet Technology Network Products Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’), Use of Hard-coded Credentials, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nice Equipment: Linear eMerge E3 Vulnerability: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: ICU Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports the following versions of ICU are affected:…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerabilities: Trust Boundary Violation, Uncaught Exception, Exposure of Sensitive Information to an Unauthorized Actor, Authentication Bypass by Spoofing, Improper Access Control, Reliance on Untrusted Inputs in a Security Decision,…

READ MORE →

Post Content

READ MORE →

Post Content

READ MORE →

CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-112-01 Siemens TeleControl Server Basic SQL ICSA-25-112-02 Siemens TeleControl Server Basic ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A ICSA-25-112-04 ABB MV Drives  ICSA-25-035-04 Schneider Electric Modicon M580 PLCs, BMENOR2200H…

READ MORE →