139 matches found
CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...
CVE-2021-31589
A cross-site scripting XSS vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization...
ECOVACS DEEBOT Vacuum and Base Station (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send malicious updates to the devices or execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Schneider Electric PrismaSeT Active - Wireless Panel Server
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Schneider Electric Modicon Controllers (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SCALANCE LPE9403
SUMMARY SCALANCE LPE9403 is affected by multiple vulnerabilities which lead to a compromise in availability, integrity and confidentiality. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS...
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
Optigo Networks ONS NC600
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to establish an authenticated connection with the hard-coded credentials and perform OS command executions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Hitachi Energy Asset Suite
SUMMARY Hitachi Energy is aware multiple vulnerabilities that affects the Asset Suite product versions listed below. If these vulnerabilities are successfully exploited by an attacker, it could have an impact on the confidentiality, integrity, or availability of the product. Please refer to the...
Delta Electronics ISPSoft
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Siemens SENTRON 7KT PAC1260 Data Manager
SUMMARY SENTRON 7KT PAC1260 Data Manager is affected by multiple vulnerabilities as listed below. Software fixes can no longer be provided for The SENTRON 7KT PAC1260 Data Manager. This advisory documents the known open vulnerabilities. To fix the vulnerabilities, Siemens recommends to replace...
Siemens Simcenter Femap
SUMMARY Siemens Simcenter Femap is affected by memory corruption vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or...
Optigo Networks Visual BACnet Capture Tool / Optigo Visual Networks Capture Tool
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Schneider Electric EcoStruxure Power Automation System
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EcoStruxure Panel Server
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Elseta Vinci Protocol Analyzer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
mySCADA myPRO Manager
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Siemens Teamcenter
SUMMARY The SSO login service in Teamcenter contains an open redirect vulnerability that could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. Siemens has released a new version for Teamcenter and recommends to update to the latest...
Siemens SIMATIC
SUMMARY The webserver of several SIMATIC products is affected by a user enumeration vulnerability that could allow an unauthenticated remote attacker to identify valid usernames. Siemens has released new versions for several affected products and recommends to update to the latest versions...