![IoT Security News](https://i1.feedspot.com/5279890.jpg?t=1620827292)
IoT Security News
39 FOLLOWERS
IoT Security News is a blog for the latest news about Industrial IoT security exploits and vulnerabilities.
IoT Security News
2d ago
Summary
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.
This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform a ..read more
IoT Security News
1w ago
1. EXECUTIVE SUMMARY
CVSS v4 8.2
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: RUGGEDCOM APE1808
Vulnerability: Truncation of Security-relevant Information
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote attackers to bypass integrity checks.
3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS
The following products of Siemens are affected:
RUGGEDCOM APE1808: All versions
3.2 Vulnerability Overview 3.2.1 TRUNCATION OF SECURITY-RELEVANT INFORMATION CWE-222
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and ..read more
IoT Security News
1w ago
1. EXECUTIVE SUMMARY
CVSS v4 8.2
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC WinCC
Vulnerability: Exposure of Private Personal Information to an Unauthorized Actor
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to retrieve information such as users and passwords.
3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS
Siemens reports that the following versions of SIMATIC WinCC are affected:
Siemens SIMATIC PCS 7 V9.1: all versions
Siemens SIMATIC WinCC Runtime Professional V18: all versions
Siemens SIMATIC WinCC Run ..read more
IoT Security News
1w ago
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series
Vulnerability: Improper Resource Shutdown or Release
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the module’s ethernet communication.
3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports this vulnerability affects the following MELSEC iQ-R, iQ-L series CPU module, and MELIPC series:
MELSEC iQ-R Series R00CPU: firmwa ..read more
IoT Security News
1M ago
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE XM-400/XR-500
Vulnerabilities: Inadequate Encryption Strength, Double Free, Use-After-Free, Improper Input Validation, Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a memory leak or execute arbitrary code.
3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS
The following Siemens products, are affected:
Siemens SCALANCE XM408-4C (6GK5408-4GP00-2AM2): All versions prior to V6.6.1
Siemens SCALANC ..read more
IoT Security News
1M ago
1. EXECUTIVE SUMMARY
CVSS v4 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Mendix Applications
Vulnerability: Improper Privilege Management
2. RISK EVALUATION
Successful exploitation requires to guess the identification of a target role which contains the elevated access rights.
3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS
The following Siemens products, are affected:
Siemens Mendix Applications using Mendix 9: Versions prior to V9.24.22 and after V9.3.0
Siemens Mendix Applications using Mendix 10: Versions prior to V10.11.0
Siemens Mendix Applications using Mendix 10 (V10.6 ..read more
IoT Security News
2M ago
Summary
Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system.
For more information about these vulnerabilities, see the Details section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com ..read more
IoT Security News
2M ago
Notice
The information in this document is subject to change without notice, and should not be construed as a commitment by ABB.
ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall ABB or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or s ..read more
IoT Security News
2M ago
12 March 2024
Overview
Schneider Electric is aware of multiple vulnerabilities in its Easergy T200 products.
The Easergy T200 RTU Product Line (T200I, T200E, T200P) is a modular platform for medium
voltage and low voltage public distribution network management. Note, this product has been
obsoleted since December 31st, 2021, and is no longer available for purchase.
Failure to apply the remediations provided below may allow a brute force attack, which could
result in unauthorized data access, and/or compromise of the device
Affected Products and Models
Vulnerability Details
CVE ID: CVE-2024-20 ..read more
IoT Security News
3M ago
Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks: An actively exploited vulnerability in Contec’s SolarView solar power monitoring product poses a significant threat to energy organizations, potentially exposing them to attacks.
This news item highlights the vulnerability, its impact on the affected organizations, and the need for immediate action to mitigate the risks.
Actively exploited solar power product vulnerability: Contec’s SolarView solar power monitoring product has a vulnerability that is actively being exploited, putting hundreds of ene ..read more