Bulletins

SIEMENS CERT
11/11/2025
Solid Edge is affected by improper certificate validation while connecting to the License Service endpoint. This could allow an unauthenticated remote attacker to perform man-in-the-middle attacks. Siemens has released a new version for Solid Edge SE2025 and recommends updating to the latest version.
SIEMENS CERT
11/11/2025
Spectrum Power 4 before v4.70 SP12 Security Patch 2 contains multiple vulnerabilities that could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. Siemens has released a new version for Spectrum Power 4 and recommends updating to the latest version.
CISA (ICS)
11/06/2025
1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/Low attack complexity. Vendor: Advantech. Equipment: DeviceOn/iEdge. Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could result in a denial-of-service …
CISA (ICS)
11/06/2025
1. EXECUTIVE SUMMARY: CVSS v4 7.1. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Ubia. Equipment: Ubox. Vulnerability: Insufficiently Protected Credentials. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The …
CISA (ICS)
11/06/2025
1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: ABB. Equipment: FBXi, FBVi, FBTi, CBXi. Vulnerabilities: Use of Hard-coded Credentials, Improper Validation of Specified Type of Input, Use of a One-Way Hash without a Salt. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities …
CISA (ICS)
11/04/2025
1. EXECUTIVE SUMMARY: CVSS v4 10.0. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Radiometrics. Equipment: VizAir. Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow attackers to manipulate critical weather parameters and runway settings, mislead air traffic …
CISA (ICS)
11/04/2025
1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Survision. Equipment: License Plate Recognition (LPR) Camera. Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 3. …
CISA (ICS)
11/04/2025
1. EXECUTIVE SUMMARY: CVSS v4 8.4. ATTENTION: Low attack complexity. Vendor: Fuji Electric. Equipment: Monitouch V-SFT-6. Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution. 3. …