[webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)

[webapps] Node.JS - 'node-serialize' Remote Code Execution (3)

[webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation

[webapps] ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)

[remote] Dlink DSL2750U - 'Reboot' Command Injection

Schneider Electric Enerlin'X Com’X 510

Advisory Document, 17/06/2021 | Source: ICS-CERT Advisory Feed

This advisory contains mitigations for an Improper Privilege Management vulnerability in Schneider Electric Enerlin'X Com’X 510 energy servers.

Softing OPC-UA C++ SDK

Advisory Document, 17/06/2021 | Source: ICS-CERT Advisory Feed

This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Softing OPC-UA C++ Software Development Kit (SDK). 

Advantech WebAccess/SCADA

Advisory Document, 17/06/2021 | Source: ICS-CERT Advisory Feed

This advisory contains mitigations for Open Redirect and Relative Path Traversal vulnerabilities in the Advantech WebAccess/SCADA browser-based software package.

WAGO M&M Software fdtCONTAINER (Update C)

Advisory Document, 17/06/2021 | Source: ICS-CERT Advisory Feed

This updated advisory is a follow-up to the advisory update titled ICSA-21-021-05 WAGO M&M Software fdtCONTAINER (Update B) that was published February 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in the M&M (a WAGO subsidiary) fdtCONTAINER application.

Rockwell Automation ISaGRAF5 Runtime (Update A)

Advisory Document, 17/06/2021 | Source: ICS-CERT Advisory Feed

This updated advisory is a follow-up to the portal-to-web advisory titled ICSA-20-280-01P Rockwell Automation ISaGRAF5 Runtime. This advisory was originally posted to the HSIN ICS library on October 6, 2020, and was then published as ICSA-20-280-01 Rockwell Automation ISaGRAF5 Runtime to the ICS webpage on us-cert.cisa.gov on June 8, 2021. This advisory contains mitigations for Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element, and Cleartext Transmission of Sensitive Information vulnerabilities in Rockwell Automation's ISaGRAF5 Runtime automation software.