Latest News

The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia. "The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated

Telegram now shares users’ IP addresses and phone numbers with authorities after valid legal requests. This policy change…

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions (DFS) Equipment: ProGauge MAGLINK LX CONSOLE Vulnerabilities: Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain full control of the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE, tank gauge consoles, are affected: ProGauge MAGLINK LX CONSOLE: Versions 3.4.2.2.6 and prior ProGauge MAGLINK LX4 CONSOLE: Versions 4.17.9e and prior 3.2 Vulnerability Overview 3.2.1 Command Injection CWE-77 A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. CVE-2024-45066 has been assigned to this vulnerab...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker obtaining device information from the database, dumping credentials, or potentially gaining administrator access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Sibylla, an automated tank gauge, are affected: Sibylla: All Versions 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. CVE-2024-8630 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). A CVSS v4 ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPW Fuel Managements Systems Equipment: SiteSentinel Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and obtain full administrative privileges to the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following OPW Fuel Management Systems products are affected: SiteSentinel: Versions prior to 17Q2.1 3.2 Vulnerability Overview 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 The affected product could allow an attacker to bypass authentication to the server and obtain full admin privileges. CVE-2024-8310 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-8310. A base score of 9.3 has been ...

Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling Systems Equipment: TS-550 EVO Automatic Tank Gauge Vulnerability: Absolute Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability allow an attacker to gain administrative access over the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Franklin Fueling Systems products are affected: TS-550 EVO: Versions prior to 2.26.4.8967 3.2 Vulnerability Overview 3.2.1 ABSOLUTE PATH TRAVERSAL CWE-36 Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials. CVE-2024-8497 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2024-8497. A base score of 8.7 has been calcu...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: OMNTEC Mfg., Inc. Equipment: Proteus Tank Monitoring Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform administrative actions without proper authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Proteus Tank Monitoring is affected: OMNTEC Proteus Tank Monitoring: OEL8000III Series 3.2 Vulnerability Overview 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 The affected product could allow an attacker to perform administrative actions without proper authentication. CVE-2024-6981 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-6981. A base score of 9.3 has been calculated; the C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXview One, MXview One Central Manager Series Vulnerabilities: Cleartext Storage In A File or On Disk, Path Traversal, Time-of-Check Time-of-Use Race Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose local credentials and write arbitrary files to the system, resulting in execution of malicious code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Moxa products are affected: MXview One Series: Versions 1.4.0 and prior MXview One Central Manager Series: Version 1.0.0 3.2 Vulnerability Overview 3.2.1 CLEARTEXT STORAGE IN A FILE OR ON DISK CWE-313 The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused because of sensitive information exposure. CVE-2024-6785 has been assign...

Antivirus vendor Kaspersky has formally begun pulling back its offerings in the U.S., migrating existing users to UltraAV, effective September 19, 2024, ahead of its formal exit at the end of the month. "Kaspersky antivirus customers received a software update facilitating the transition to UltraAV," the company said in a post announcing the move on September 21. "This update ensured that users