View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication, Unsafe Reflection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or…

READ MORE →

CISA released seven Industrial Control Systems (ICS) advisories on July 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-184-01 Johnson Controls Kantech Door Controllers ICSA-24-184-02 mySCADA myPRO ICSA-24-184-03 ICONICS and Mitsubishi Electric Products ICSA-24-179-04 Johnson Controls Illustra Essentials Gen 4 (Update A) ICSA-24-179-05 Johnson Controls Illustra Essentials…

READ MORE →

Introduction A few days ago, we came across a peculiar file. It looked like some kind of builder, and a quick glance at the settings piqued our interest. It appeared to be a ShadowPad builder, probably created around 2021. ShadowPad builders became a topic of conversation around the time of the i-Soon leak, but we…

READ MORE →

Post Content

READ MORE →

Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necessary updates: MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806)

READ MORE →

CISA released seven Industrial Control Systems (ICS) advisories on June 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies PnPSCADA ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server ICSA-24-179-04 Johnson Controls Illustra Essentials Gen 4 ICSA-24-179-05 Johnson Controls Illustra Essentials Gen 4…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to recover credentials for other Linux users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow web interface user’s credentials to be recovered by an authenticated user. 3. TECHNICAL DETAILS 3.1 AFFECTED…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that the following versions of Illustra…

READ MORE →