Hackers Can Chain Multiple Flaws to Attack WAGO HMI Devices

Germany-based industrial automation company WAGO has patched several vulnerabilities in its e!DISPLAY 7300T Web Panel human-machine interface (HMI) products that can be chained to take control of affected devices.

The security holes, discovered by researchers at security consultancy SEC Consult and rated “high severity,” include multiple reflected and one stored cross-site scripting (XSS) vulnerabilities (CVE-2018-12981), unrestricted file upload and file path manipulation issues (CVE-2018-12980), and an incorrect default permissions flaw (CVE-2018-12979).

The reflected XSS flaws allow an unauthenticated attacker to execute arbitrary scripts in the context of the victim and hijack their session by getting them to click on a specially crafted link. The stored XSS can only be exploited by an authenticated hacker, but it does not require the targeted user to click on a link. Instead, the malicious code is triggered when the victim visits the “PLC List” page in the web...(continued)
