Multiple vulnerabilities in Computrols' Equipment (21 May 2019)
Multiple vulnerabilities such as Cross-site Request Forgery, Information Exposure Through Discrepancy, Cross-site Scripting,
Command Injection, Information Exposure Through Source Code, Use of Hard-coded Cryptographic Key, SQL Injection, Authentication
Bypass Using an Alternate Path or Channel, and Inadequate Encryption Strength have been discovered in Computrols' equipment: CBAS Web.
Successful exploitation of these vulnerabilities could allow unauthorized actions with administrative privileges, disclosure of
sensitive information, execution of code within a user’s browser, execution of unauthorized OS commands, unauthorized access to
the database, execution of unauthorized SQL commands, authentication bypass, or decryption of passwords.
Vulnerability in Mitsubishi Electric's Equipment (21 May 2019)
An Uncontrolled Resource Consumption vulnerability has been discovered in Mitsubishi Electric's equipment: MELSEC-Q series Ethernet module.
Successful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC
(Programmable Logic Controller).
Vulnerability Summary (20 May 2019)
Summary of vulnerabilities for the Week of May 13, 2019.