Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-28: Arbitrary Command Execution in Cisco Secure ACS
Fix date: March 7, 2018
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 01.06.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
11.12.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-27: Arbitrary Command Execution in Cisco Secure ACS
Fix date: May 2, 2018
Vector: Remote
Systems affected: Cisco Secure ACS 5.x
Vendor: Cisco
Notification status: 01.06.2017 - Vendor gets vulnerability details
02.05.2018 - Vendor releases fixed version and details
11.12.2018 - Public disclosure
Medium (6.1) (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
PT-2018-26: Information Disclosure in MatrikonOPC Explorer
Fix date: April 2, 2018
Vector: Local
Systems affected: MatrikonOPC Explorer 5.x
Vendor: Honeywell
Notification status: 20.02.2015 - Vendor gets vulnerability details
02.04.2018 - Vendor releases fixed version and details
07.12.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
PT-2018-25: Improper Authorization in PRTG Network Monitor
Fix date: May 7, 2018
Vector: Remote
Systems affected: PRTG Network Monitor 18.x
PRTG Network Monitor 17.x
Vendor: Paessler
Notification status: 25.05.2018 - Vendor gets vulnerability details
07.05.2018 - Vendor releases fixed version and details
26.10.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-24: Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor
Fix date: May 7, 2018
Vector: Remote
Systems affected: PRTG Network Monitor 18.x
PRTG Network Monitor 17.x
Vendor: Paessler
Notification status: 25.05.2018 - Vendor gets vulnerability details
07.05.2018 - Vendor releases fixed version and details
26.10.2018 - Public disclosure
High (9.1) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
PT-2018-23: Remote Code Execution in PRTG Network Monitor
Fix date: September 24, 2018
Vector: Remote
Systems affected: PRTG Network Monitor 18.x
PRTG Network Monitor 17.x
Vendor: Paessler
Notification status: 25.05.2018 - Vendor gets vulnerability details
24.09.2018 - Vendor releases fixed version and details
25.10.2018 - Public disclosure
High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
PT-2018-22: Denial of Service in PRTG Network Monitor
Fix date: June 6, 2018
Vector: Remote
Systems affected: PRTG Network Monitor 18.x
PRTG Network Monitor 17.x
Vendor: Paessler
Notification status: 25.05.2018 - Vendor gets vulnerability details
06.06.2018 - Vendor releases fixed version and details
25.10.2018 - Public disclosure
High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
PT-2018-21: Buffer Overflow in Schneider Electric's Modicon Premium, Modicon Quantum, and Modicon M340
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-20: Arbitrary Code Execution in Schneider Electric's BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-19: Authorization Bypass in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (7.5) (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
PT-2018-18: Buffer Overflow in Schneider Electric's Modicon Premium, Modicon Quantum, and Modicon M340
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-17: Information Disclosure in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-16: Hardcoded Accounts in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Schneider Electric Modicon Premium
Schneider Electric Modicon M340
Schneider Electric Modicon BMXNOR0200
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (8.8) (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
PT-2018-15: Arbitrary Code Execution in Schneider Electric's Modicon Quantum
Fix date: March 22, 2018
Vector: Remote
Systems affected: Schneider Electric Modicon Quantum
Vendor: Schneider Electric
Notification status: 28.04.2017 - Vendor gets vulnerability details
22.03.2018 - Vendor releases fixed version and details
03.09.2018 - Public disclosure
High (9.0) (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
PT-2018-14: Buffer Overflow in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
High (9.1) (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
PT-2018-13: Command Injection in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
Medium (5.3) (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
PT-2018-12: Information Disclosure in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
High (8.1) (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-11: Buffer Overflow in PHOENIX CONTACT FL SWITCH
Fix date: May 16, 2018
Vector: Remote
Systems affected: FL SWITCH 3xxx
FL SWITCH 4xxx
FL SWITCH 48xxx
Vendor: PHOENIX CONTACT
Notification status: 22.02.2018 - Vendor gets vulnerability details
16.05.2018 - Vendor releases fixed version and details
29.08.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-10: Server-Side Request Forgery in Ipswitch WhatsUp Gold
Fix date: March 7, 2018
Vector: Remote
Systems affected: Ipswitch WhatsUp Gold 17.x
Vendor: Ipswitch
Notification status: 21.04.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
22.08.2018 - Public disclosure
High (9.8) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PT-2018-09: Code Injection in Ipswitch WhatsUp Gold
Fix date: March 7, 2018
Vector: Remote
Systems affected: Ipswitch WhatsUp Gold 17.x
Vendor: Ipswitch
Notification status: 21.04.2017 - Vendor gets vulnerability details
07.03.2018 - Vendor releases fixed version and details
22.08.2018 - Public disclosure
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice