In this Team82 report, we analyzed a subset of engineering workstations (EWS) and human-machine interfaces (HMIs) from a sample of more than 125,000 OT assets, and found that more than one-third are insecurely connected to the internet and also contain at least one confirmed vulnerability that has been publicly exploited.
A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-in-the-middle attack and obtain sensitive information.
CVSS v3: 3.9
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
To Axis’ knowledge, no known exploits exist publicly as of today and Axis is not aware that this has been exploited. Axis will not provide more detailed information about the vulnerability.
Axis has released a patch for this flaw with the following versions:
CVSS v3: 9.0
The communication protocol used between client and server had a flaw that could be leveraged to execute a man-in-the-middle attack.
To Axis’ knowledge, no known exploits exist publicly as of today and Axis is not aware that this has been exploited. Axis will not provide more detailed information about the vulnerability.
Axis has released a patch for this flaw with the following version:
CVSS v3: 6.8
The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.
To Axis’ knowledge, no known exploits exist publicly as of today and Axis is not aware that this has been exploited. Axis will not provide more detailed information about the vulnerability.
Axis has released a patch for this flaw with the following version:
CVSS v3: 4.8
The AXIS Camera Station Server had a flaw that allowed the authentication that is normally required to be bypassed.
To Axis’ knowledge, no known exploits exist publicly as of today and Axis is not aware that this has been exploited. Axis will not provide more detailed information about the vulnerability. We appreciate the efforts of security researchers and ethical hackers on improving security in Axis products, solutions, and services.
Axis has released a patch for this flaw with the following versions:
CVSS v3: 5.3