Saturday, July 6, 2019

Public ICS Disclosure – Week of 06-29-19


This week we have a vendor update for the Microsoft® RDP vulnerability and seven researcher reports (okay is should be a single report with seven vulnerabilities) from Zero Science for products from FaceSentry.

Microsoft RDP Vulnerability Vendor Reports


Philips Update

FaceSentry Advisories


Zero Science published seven reports of vulnerabilities in the FaceSentry Access Control System. These are all zero-day reports with Zero Science reporting no response from iWT, the manufacturer.

The seven reported vulnerabilities (with proof of concept code) are:

Cleartext transmission of sensitive information;
Cleartext transmission of sensitive information;
Cross-site scripting;
Hard-coded credentials;
OS command injection;
Cross-site request forgery; and
OS command injection


Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */