Contact
(877) 208-4091
info@sofiaitc.com

News

AVEVA InduSoft Web Studio and InTouch Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: AVEVA Software, LLC (AVEVA) Equipment: InduSoft Web Studio and InTouch Machine Edition Vulnerabilities: Stack-based buffer overflow 2. RISK EVALUATION The listed products are vulnerable only if the TCP/IP Server Task is enabled. A remote attacker could send a carefully crafted packet during a tag, alarm, or event related action such as read and ...

AVEVA InTouch

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC. (AVEVA) Equipment: InTouch Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process which could lead to a compromise of the InTouch HMI.Systems are only vulnerable if ...

Echelon SmartServer 1, SmartServer 2, SmartServer 3, i.LON 100, i.LON 600

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Echelon Equipment: SmartServer 1, SmartServer 2, i.LON 100, i.LON 600 Vulnerabilities: Information Exposure, Authentication Bypass Using an Alternate Path or Channel, Unprotected Storage of Credentials, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for remote code execution on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Smart ...

Moxa NPort 5210 5230 5232

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: NPort 5210, 5230, 5232 Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send TCP SYN packages, causing a resource exhaustion condition that would cause the device to become unavailable. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of NPort, a serial network interface, are ...

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and services. Many actors have also attempted to capitalize ...

The Growth of HTS, Death of WiMAX and the Future of Smart Antennas

Hear Susan Bull, Senior Consultant and Partner of COMSYS share her insights on the present and future state of satellite communications. With capacity prices continuing to fall, the primary focus is no longer on the bandwidth. Satellite operators and service providers are targeting the applications, services and content that customers will pay for and that will drive revenues according to ...

ABB Panel Builder 800

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: ABB Equipment: Panel Builder 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This vulnerability requires user interaction, and the exploit is only triggered when a local user runs the affected product and loads the ...

WAGO e!DISPLAY Web-Based-Management

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available Vendor: WAGO Equipment: e!DISPLAY Web-Based-Management (WBM) Vulnerabilities: Cross-site Scripting, Unrestricted Upload of File with Dangerous Type, and Incorrect Permissions for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the user, execute code within the user’s browser, place malicious ...

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client

1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: PEPPERL+FUCHS Equipment: VisuNet RM, VisuNet PC, Box Thin Client (BTC) Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a man-in-the-middle attack, achieve administrator privileges, and execute remote code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following PEPPERL+FUCHS product families are affected: VisuNet RM All models, VisuNet PC All models, and BTC All models. 3.2 ...

PRESS RELEASE: U.S. Army Special Operations Ranger killed in combat

1 / 1 Show Caption +

Eaton 9000X Drive

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Exploitable remotely Vendor: Eaton Equipment: 9000X Drive Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Eaton 9000X Drive is affected: 9000X Drive, Versions 2.0.29 and prior. 3.2 VULNERABILITY OVERVIEW 3.2.1    STACK-BASED BUFFER OVERFLOW CWE-121 A stack-based buffer overflow vulnerability has been identified, which may allow remote code ...

Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally

Introduction FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia's politics, with active compromises of multiple Cambodian entities related to the country’s electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures. This campaign occurs in the run up ...

Malicious PowerShell Detection via Machine Learning

Introduction Cyber security vendors and researchers have reported for years how PowerShell is being used by cyber threat actors to install backdoors, execute malicious code, and otherwise achieve their objectives within enterprises. Security is a cat-and-mouse game between adversaries, researchers, and blue teams. The flexibility and capability of PowerShell has ...

Universal Robots Robot Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Universal Robots Equipment: Robot Controllers Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to run arbitrary code on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of robot controllers are affected: CB 3.1, SW Version 3.4.5-100 3.2 VULNERABILITY OVERVIEW 3.2.1    

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available for these vulnerabilities Vendor: Schweitzer Engineering Laboratories, Inc. (SEL) Equipment: Compass and AcSELerator Architect Vulnerabilities: Incorrect Default Permissions, XXE, Resource Exhaustion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...

100 years of civil service

1 / 2

Balance, Certainty and Sharing the Spectrum

What is 5G? We are experiencing a change in how 5G is defined to include the growing role of satellites.  They are positioned to be an important 5G player with communications on the move, services to rural areas, backhaul, and trunking network capabilities. However, the wireless industry is demanding additional RF spectrum for 5G and a change in rules may ...

Rockwell Automation Allen-Bradley Stratix 5950

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix 5950 Vulnerabilities: Improper Input Validation, Improper Certificate Validation, Resource Management Errors 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass client certification to create connections to the affected device or cause the device to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The Allen-Bradley Stratix 5950 uses ...

RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique

Introduction Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar has been activity reported by Trend Micro). Apart from leveraging a relatively lesser known injection technique, the attack ...

Bring Your Own Land (BYOL) – A Novel Red Teaming Technique

Introduction One of most significant recent developments in sophisticated offensive operations is the use of “Living off the Land” (LotL) techniques by attackers. These techniques leverage legitimate tools present on the system, such as the PowerShell scripting language, in order to execute attacks. The popularity of PowerShell as an offensive tool culminated in the development ...

Free to air, Lasers and Predictions about LEO

The changes occurring in the satellite and space industry are simply amazing. From miniaturized satellites to space tourism we’re seeing an explosion in innovation and may be heading towards a true commercial space economy. Jim Simpson, CEO of communications satellite operator ABS discusses the opportunities for traditional satellite operators as well as the potential threat posed by the LEO constellations. ...

A Totally Tubular Treatise on TRITON and TriStation

Introduction In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For both INDUSTROYER and TRITON, the attackers moved from the IT ...

Reverse Engineering the Analyst: Build Machine Learning Models for the SOC

Many cyber incidents can be traced back to an original alert that was either missed or ignored by the Security Operations Center (SOC) or Incident Response (IR) team. While most analysts and SOCs are vigilant and responsive, the fact is they are often overwhelmed with alerts. If a SOC is unable to review all the alerts ...

Cloud Technology, Machine Intelligence & Bots

The cloud and the satellite world are on the edge of convergence with the satellite community attracted to the low cost of developing platforms in the cloud and satellite technologies giving the ability to extend a network from a disadvantaged location to anyone in the world demanding cloud assets.  This brings up questions about security.  How will it be addressed?  ...

Remote Authentication GeoFeasibility Tool – GeoLogonalyzer

Users have long needed to access important resources such as virtual private networks (VPNs), web applications, and mail servers from anywhere in the world at any time. While the ability to access resources from anywhere is imperative for employees, threat actors often leverage stolen credentials to access systems and data. Due to large volumes of ...

SofiaITC sign up form


Thank you for signing up for SofiaITC's Newsletter and Articles.

SofiaITClogin form