101 matches found
HID Global Reader Configuration Cards
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low attack complexity Vendor : HID Global Equipment : Reader Configuration Cards Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...
INEA ME RTU
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : INEA Equipment : ME RTU Vulnerabilities : OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution...
Hitachi Energy GMS600
SUMMARY Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...
Red Lion Crimson
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Controls Equipment: Crimson Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain user credential hashes. 3...
Johnson Controls Metasys ADS, ADX, OAS
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
Keysight N6854A Geolocation server and N6841A RF Sensor software
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2. RISK EVALUATION Successful...
Eaton Intelligent Power Manager
1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager IPM v1 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...
Xylem AquaView
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Xylem, Inc. Equipment: AquaView Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to create users, delete users,...
Johnson Controls CEM Systems AC2000
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Sensormatic Electronics KT-1
1. EXECUTIVE SUMMARY Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc. Equipment: KT-1 Vulnerability: Use of Unmaintained Third-party Components 2. RISK EVALUATION The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...
Understanding the threat landscape and risks of OT environments
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...
Siemens Nucleus DNS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-103-14 Siemens Nucleus...
GE MU320E
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MU320E Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these...
Siemens LOGO! 8 BM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Honeywell OPC UA Tunneller
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Matrikon, a subsidiary of Honeywell Equipment: OPC UA Tunneller Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, Uncontrolled...
Reolink P2P Cameras
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Reolink Equipment: P2P protocol Vulnerabilities: Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...
icsmaster
This repository is an offensive tool for ICS Industrial Control Systems security research. It contains a collection of resources, including papers, exploits, firmware, Nmap scripts, and tools, related to ICS security. The repository is organized into several sections, including a directory of...
Fieldcomm Group HART-IP and hipserver
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fieldcomm Group Equipment: HARP-IP Developer kit, hipserver Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being...
AVEVA Enterprise Data Management Web
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Equipment: Enterprise Data Management Web Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL...