LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple CWE-665: Improper Initialization weaknesses in VNC client code, which could allow an attacker to read stack memory and can...
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains a CWE-665: Improper Initialization vulnerability in VNC Repeater client code, which could allow an attacker to read stack memory and...
A critical vulnerability in Moxa AWK-3131A industrial access point could allow an unauthorized attacker to execute arbitrary code by injecting system commands
LibVNCServer before a 0.9.12 release contains a null pointer dereference in VNC client code, which can result in denial-of-service condition.
The Industrial Internet Consortium has announced the publication of an official Internet of Things Security Maturity Model description.
Kaspersky Lab today announced it is working with the Cybersecurity at MIT Sloan Consortium (CAMS) to host the “Cybersecurity Insight” seminar, offering participants an opportunity to learn about...
The security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.
Zebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.
Kaspersky Lab presented its latest findings on CoDeSys Runtime vulnerabilities at the S4x19 conference, in what was a successful debut among competing industrial cybersecurity vendors
An attacker with network access to the affected distributed control system (DCS) workstation can bypass the authentication of a maintenance port via brute-force, because number of login attempts...
AVEVA Wonderware System Platform vulnerability leading to Unauthorized Access to Credentials.
UltraVNC Viewer before 1.2.2.4 has a buffer underflow vulnerability, which can potentially result in code execution.
An attacker controlling a device with the UltraVNC Server running can perform remote code execution on the client devices to cause a denial-of-service condition, modify system's data and/or obtain...
A authenticated attacker with low privileges can use unsecure sudo configuration to expand attack surface.
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another...
An attacker without authentication can login with default credentials for privileged users.
Critical vulnerabilities in industrial PCs used by Emerson’s DeltaV distributed control system could allow arbitrary code execution, malware injection or malware propagation to other workstations
UltraVNC Viewer before 1.2.2.4 has a out-of-bounds read vulnerability in RRE decoder code, caused by multiplication overflow.
New vulnerabilities have been identified in Schneider Electric PM5560 power meter and Modicon M221 logic controller
UltraVNC Viewer before 1.2.2.4 has an out-of-bounds read vulnerability inside client CoRRE decoder, caused by multiplication overflow.
The vulnerability affects PAC Control Basic and PAC Control Professional version R10.0а and earlier and could allow arbitrary code execution
UltraVNC before 1.2.2.4 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution.
USB media infected with malware were shipped with Conext ComBox and Conext Battery Monitor products
The paper provides an analysis of the prevalence of remote administration tools on OT networks and the threats associated with their use.
An attacker controlling a device with the UltraVNC Server running can perform remote code execution on the client devices to cause a denial-of-service condition, modify system's and/or obtain...
Newly identified vulnerabilities affect SIMATIC WinCC OA HMI system, SCALANCE X switches and TD Keypad Designer tool
UltraVNC before 1.2.2.4 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial-of-service (DoS) condition of VNC client.
Remote code execution in Emerson AMS Device Manager.
Wecon PI Studio HMI solutions are affected by multiple vulnerabilities that could allow remote code execution and disclosure of sensitive information, including in the context of an administrator
UltraVNC before 1.2.2.4 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution.