NOTIZIE & EVENTI

SERVIZI

Il servizio utilizza una raccolta di tweet provenienti da utenti appartenenti a Twitter i cui tweet utilizzano parole...

Il servizio offre uno strumento semplice e rapido per l'autovalutazione per il calcolo del rischio cibernetico. Il...

Il servizio mostra una rappresentazione 3D del traffico di rete relativo ad attacchi ad una honeypot a Pisa. Inoltre,...

Il servizio si prefigge di individuare comportamenti tipici dei ransomware quali, ad esempio, la cifratura di una...

ULTIMI CVE

Published Description
CVE-2019-19100
29-04-2020 03:15:00
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.
CVE-2020-8485
29-04-2020 02:15:00
Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash.
CVE-2020-8475
29-04-2020 02:15:00
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.
CVE-2020-8486
29-04-2020 02:15:00
Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affect node redundancy handling.
CVE-2020-8488
29-04-2020 02:15:00
Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities.

Pages

ULTIMI EXPLOIT

Date Title Platform Author
12-10-2018
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) php Ihsan Sencan
12-10-2018
Phoenix Contact WebVisit 2985725 - Authentication Bypass windows Photubias
12-10-2018
LUYA CMS 1.0.12 - Cross-Site Scripting php Ismail Tasdelen
12-10-2018
HaPe PKH 1.1 - 'id' SQL Injection php Ihsan Sencan
21-09-2018
WebRTC - FEC Out-of-Bounds Read multiple Google Security Research

Pages