Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps

Tenable Research Advisory: Patches Issued For Critical Vulnerabilities in 2 AVEVA SCADA/OT Apps

|
A new critical remote code execution vulnerability in AVEVA’s Indusoft Web Studio and InTouch Machine Edition can be exploited to compromise sensitive operational technology. AVEVA has released a patch and we advise urgent attention and response from affected end users. Tenable Research discovered a new critical remote code execution (RCE) ... Read More
Tenable Research: May Vulnerability Disclosure Roundup

Tenable Research: May Vulnerability Disclosure Roundup

|
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable ... Read More
June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?

June Vulnerability of the Month: Electron Vulnerability Out-Hyped by Efail?

|
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability to highlight. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining the ... Read More
May Vulnerability of the Month: Java Deserialization Everywhere

May Vulnerability of the Month: Java Deserialization Everywhere

|
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining ... Read More
Tenable Research: April Vulnerability Disclosure Roundup

Tenable Research: April Vulnerability Disclosure Roundup

|
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable ... Read More
Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability

Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability

|
Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. The applications contain an overflow condition that is triggered when input is not properly validated. This allows an attacker to force a stack-based buffer overflow, resulting in denial of service ... Read More
April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability

April Vulnerability of the Month: Password Free-for-All Via Samba Active Directory Domain Controller Vulnerability

|
Every month, we ask our researchers to nominate a vulnerability of the month. Novelty, sophistication or just plain weirdness are some of the potential criteria for selecting a vulnerability of the month. After the nominations are collected, the candidates are shortlisted and voted on by our 70-plus-member research organization, combining ... Read More