1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded
Category: Dynamic Threat Feeds
Johnson Controls exacqVision Web Service
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker
Johnson Controls exacqVision Web Service
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Web Service Vulnerability: Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability: Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this vulnerability
Johnson Controls exacqVision Client and exacqVision Server
1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Client, exacqVision Server key Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an
Johnson Controls exacqVision Web Service
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an
ISC Stormcast For Thursday, August 1st, 2024 https://isc.sans.edu/podcastdetail/9078, (Thu, Aug 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Recent Incidents Have CISOs — and Everyone Else — Talking
Over recent months, we have seen hundreds of companies compromised as a result of massive data breaches, and defective software updates causing widespread system outages. Threat actors immediately launched
Increased Activity Against Apache OFBiz CVE-2024-32113, (Wed, Jul 31st)
As part of its extensive project portfolio, the Apache Foundation supports OFBiz, a Java-based framework for creating ERP (Enterprise Resource Planning) applications [1]. OFBiz appears to be far less prevalent than commercial alternatives [2]. However, just
“ERIAKOS” Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team
Recorded Future’s Payment Fraud Intelligence team has identified a scam e-commerce network, named the ERIAKOS campaign, targeting Facebook users. This campaign, detected on April 17, 2024, involves 608 fraudulent websites using brand impersonation and malvertising tactics