Monthly Archive: February 2017

An issue was discovered in certain legacy Eaton ePDUs — the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx...

An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. Date published : 2017-02-13 http://www.securityfocus.com/bid/94891 https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris...

An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. Date published : 2017-02-13 http://www.securityfocus.com/bid/94891 https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse...

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. Date published : 2017-02-13 http://www.securityfocus.com/bid/94629 https://www.exploit-db.com/exploits/42402/

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. Date published : 2017-02-13 http://www.securityfocus.com/bid/94629 https://www.exploit-db.com/exploits/42401/

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort...

An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3,...

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted....

An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. Date published...

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session...

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP)...

An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that...