CBL Mariner 2.0 Security Update: git (CVE-2024-50349)
The version of git installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50349 advisory. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides...
ZF Roll Stability Support Plus (RSSPlus)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely proximal/adjacent with RF equipment call diagnostic functions which could impact both the availability and integrity. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
CVE-2024-52006
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems mos...
Belledonne Communications Linphone-Desktop
RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker causing a denial-of-service condition on the affected devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Siemens SIMATIC S7-1200 CPUs
SUMMARY The web interface of SIMATIC S7-1200 CPUs before V4.7 is affected by a cross-site request forgery (CSRF) vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure,...
Siemens Industrial Edge Management
SUMMARY Industrial Edge Management is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet...
Schneider Electric EcoStruxure Power Build Rapsody
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
CISA: Secure by Demand: Priority Considerations
This is CISA's Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. This guide is intended to help owners and operators procure Operational Technology (OT) products, particularly industrial automation and control system products,...
CVE-2024-6352
creationtimestamp | type | source
---|---|---
2025-01-13 18:45:01+00:00 | seen | https://t.me/cvedetector/15160
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-03...
PT-2025-43668
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6 Description A sandbox escape exists because of incorrect boundary conditions within the Graphics: CanvasWebGL component. Real-world attacks...
Delta Electronics DTM Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Tibbo AggreGate Network Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
The vulnerability of the software for controlling the Geovision GV-ASManager system lies in the absence of an authentication procedure, which allows an intruder to disclose the protected information.
The vulnerability of the software for controlling the Geovision GV-ASManager access control system is related to the absence of an authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
Rockwell Automation PowerMonitor 1000 Remote
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures...
Apache Subversion Denial of Service Vulnerability (CNVD-2024-49153)
Apache Subversion is an open source version control system from the Apache Foundation of the United States. The system is compatible with Concurrent Versions System (CVS). A denial of service vulnerability exists in Apache Subversion 1.14.4 and earlier versions, which stems from insufficient...
Horner Automation Cscape
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Rockwell Automation Arena (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
Siemens SENTRON Powercenter 1000
SUMMARY SENTRON Powercenter devices are affected by a denial of service vulnerability that can be triggered during BLE (Bluetooth Low Energy) pairing. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL...
Siemens RUGGEDCOM ROX II
SUMMARY The CLI feature in the web interface of RUGGEDCOM ROX II devices is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to perform administrative actions if an authenticated user is tricked into accessing a malicious link. Siemens has released new versions for...
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...