• 1
  • 2
  • 3 (current)
Donnerstag, 07.12.2023
Titel
Johnson Controls Metasys and Facility Explorer
Veröffentlicht
7. Dezember 2023 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys and Facility Explorer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Titel
Sierra Wireless AirLink with ALEOS firmware
Veröffentlicht
7. Dezember 2023 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirLink Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to ...
Titel
Schweitzer Engineering Laboratories SEL-411L
Veröffentlicht
7. Dezember 2023 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL-411L Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
Mittwoch, 06.12.2023
Titel
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
Veröffentlicht
6. Dezember 2023 21:18
Text
The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...
Dienstag, 05.12.2023
Titel
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
Veröffentlicht
5. Dezember 2023 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted ...
Montag, 04.12.2023
Titel
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Veröffentlicht
4. Dezember 2023 19:05
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...
Freitag, 01.12.2023
Titel
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Veröffentlicht
1. Dezember 2023 23:21
Text
SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...
  • 1
  • 2
  • 3 (current)

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds