Follow Team82 Disclosure Dashboard's news and updates in a matter of seconds! We will deliver any update via email, phone or you can read them from here on the site on your own news page.
You can even combine different feeds with the feed for Team82 Disclosure Dashboard.
Subscribing and unsubscribing is fast, easy and risk free.
The whole service is free of cost.
Team82 Disclosure Dashboard: Secure Your Cyber-Physical Systems Across the XIoT | Claroty
Is this your feed? Claim it!
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload.
CWE-404 Improper Resource Shutdown or Release
A vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.
A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the...
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product.
...
A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product....