1488 matches found
Rockwell Automation FactoryTalk Policy Manager
RISK EVALUATION Successful exploitation of this vulnerability could lead to resource exhaustion and denial of service. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Rockwell Automation FactoryTalk DataMosaix Private Cloud
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over accounts, steal credentials, redirect users to a malicious website, or bypass MFA. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
AVEVA Edge
RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Mitsubishi Electric MELSEC iQ-F Series
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...
Malicious Package
Overview SqlDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview SqlUnicorn.Core is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview MyDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview SqlLiteRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 a...
Malicious Package
Overview SqlRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview SqlUnicornCore is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and targets industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named...
CVE-2025-59171
creationtimestamp | type | source
---|---|---
2025-11-06 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01
2025-11-07 00:42:15+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4ytslb4bua2
2025-11-07 02:38:12+00:00 | seen | ...
ABB FLXeon Controllers
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product, insert and run arbitrary code, and crash the device being accessed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
CVE-2025-12108
creationtimestamp | type | source
---|---|---
2025-11-04 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-02
2025-11-04 22:06:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4tk7625we2a
2025-11-06 04:15:13+00:00 | seen | ...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Radiometrics VizAir
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to manipulate critical weather parameters and runway settings, mislead air traffic control and pilots, extract sensitive meteorological data, and cause significant disruption to airport operations, leading to...
IDIS ICM Viewer
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-303-01 International Standards Organization ISO 15118-2; ICSA-25-303-02 Hitachi Energy TropOS. CISA encourages users an...
Vertikal Systems Hospital Manager Backend Services
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access to and disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-35983)
bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(503583); script_version("1.2");...