Monthly Archive: May 2016

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant...

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant...

Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-147-02

Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01

Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-140-01

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with...

Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with...

Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build...

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at...

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01

Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. Date published : 2016-05-30 https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01