Alerts and Advisories







  • Vulnerability in Omron's Equipment (10 Jan 2019)

    Type Confusion vulnerability has been discovered in Omron's Equipment- CX-Protocol within CX-One. Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application.

  • Vulnerability in Pilz's Equipment (10 Jan 2019)

    Clear-text Storage of Sensitive Information vulnerability has been discovered in Pilz's Equipment- PNOZmulti Configurator. Successful exploitation of this vulnerability could allow sensitive data to be read from the system.

  • Vulnerability in Tridium's Equipment (10 Jan 2019)

    Cross-site Scripting vulnerability has been discovered in Tridium's Equipment- Niagara Enterprise Security, Niagara AX, and Niagara 4. Successful exploitation of this vulnerability could allow an authenticated user to inject client-side scripts into some web pages that could then be viewed by other users.

  • Multiple vulnerabilities in Schneider Electric's Equipment (08 Jan 2019)

    Multiple vulnerabilities such as Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE have been discovered in Schneider Electric's Equipment- IIoT Monitor. Successful exploitation of these vulnerabilities could allow a remote attacker to access files available to system users, arbitrarily upload and execute malicious files, and embed incorrect documents into the system output to expose restricted information.

  • Vulnerability in Schneider Electric's Equipment (08 Jan 2019)

    Use After Free vulnerability has been discovered in Schneider Electric's Equipment- Zelio Soft 2. Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project file.

  • Vulnerability Summary (07 Jan 2019)

    Summary of vulnerabilities for the Week of December 31, 2018.

  • Vulnerability in Hetronic's Equipment (03 Jan 2019)

    Authentication Bypass by Capture-Replay vulnerability has been discovered in Hetronic's Equipment- Nova-M. Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running.

  • Vulnerability in Yokogawa's Equipment (03 Jan 2019)

    Resource Management Error vulnerability has been discovered in Yokogawa's Equipment- Vnet/IP Open Communication Driver. Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable.

  • Vulnerability in Schneider Electric's Equipment (03 Jan 2019)

    Improper Input Validation vulnerability has been discovered in Schneider Electric's Equipment- Pro-face GP-Pro EX. Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program.