• 1
  • 2
  • 3 (current)
Thursday, 08.08.2024
14:00
US CERT (ICS)
Dorsett Controls InfoScan
Title
Dorsett Controls InfoScan
Published
Aug. 8, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose sensitive information, resulting in data theft and ...
Wednesday, 07.08.2024
02:00
BOSCH PSIRT
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Title
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Published
Aug. 7, 2024, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-587194-bt.html
Summary

BOSCH-SA-587194-BT: DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application. Multiple Curl vulnerabilities in the Git for Windows component have been discovered in DIVAR IP System Manager versions prior to 2.3.2, affecting several ...

Friday, 02.08.2024
02:00
SIEMENS CERT
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Title
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Published
Aug. 2, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-857368.html
Summary
Omnivise T3000 contains multiple vulnerabilities that could allow an attacker to escalate privileges. Siemens Energy has released patches for several affected products and recommends to apply the patches. Siemens Energy is preparing further fixes for versions still under maintenance and recommends countermeasures for products where fixes are not, or not ...
Thursday, 01.08.2024
14:00
US CERT (ICS)
Vonets WiFi Bridges
Title
Vonets WiFi Bridges
Published
Aug. 1, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional ...
14:00
US CERT (ICS)
Johnson Controls exacqVision Server Web Service
Title
Johnson Controls exacqVision Server Web Service
Published
Aug. 1, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an unauthorized request or access data from an untrusted domain. ...
14:00
US CERT (ICS)
AVTECH IP Camera
Title
AVTECH IP Camera
Published
Aug. 1, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: AVTECH SECURITY Corporation Equipment: IP camera Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the ...
14:00
US CERT (ICS)
Johnson Controls exacqVision Web Service
Title
Johnson Controls exacqVision Web Service
Published
Aug. 1, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a man-in-the-middle attack and gain access to sensitive information. 3. TECHNICAL ...
14:00
US CERT (ICS)
Johnson Controls exacqVision Client and exacqVision Server
Title
Johnson Controls exacqVision Client and exacqVision Server
Published
Aug. 1, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Client, exacqVision Server key Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to be able to decrypt communications between exacqVision Server and exacqVision Client due ...
  • 1
  • 2
  • 3 (current)

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
04.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds