View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability: Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute CIP programming and configuration commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: AVTECH SECURITY Corporation Equipment: IP camera Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the running process. 3. TECHNICAL DETAILS… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a man-in-the-middle attack and gain access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an unauthorized request or access data from an untrusted domain. 3. TECHNICAL DETAILS 3.1 AFFECTED… Read more

Post Content Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional Conditions, Stack Based Buffer Overflow,… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Server Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a man-in-the-middle attack and intercept communications. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Johnson Controls exacqVision… Read more

Post Content Read more

DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure communication. DigiCert has notified affected customers and provided instructions on… Read more

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-37085 VMware ESXi Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited… Read more