233 matches found
Hitachi Energy RTU500 series
RISK EVALUATION Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure...
Rockwell Automation Analytics LogixAI
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Rockwell FactoryTalk Linx
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create, update, and delete FTLinx drivers. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
AVEVA PI Integrator
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Schneider Electric Modicon M340 Controller and Communication Modules (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test (BIST) mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where...
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
SUMMARY SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions...
CVE-2025-54885
Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...
CVE-2025-54885
Thinbus SRP client (thinbus-srp-npm) prior to version 2.0.1 has a protocol compliance bug that causes the client public value to be generated from a private value 4 bits below the RFC-specified length, leading to only 252 bits of entropy instead of the intended 2048-bit safe prime. This reduces t...
Thinbus Javascript Secure Remote Password Security Feature Issue Vulnerability
Thinbus Javascript Secure Remote Password is a secure remote password implementation from the individual developer Simon Massey. A security signature issue vulnerability exists in Thinbus Javascript Secure Remote Password version 2.0.0 and earlier, which stems from a protocol compliance issue...
GHSA-8Q6V-474H-WHGG The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended
Impact A protocol compliance bug in thinbus-srp-npm versions prior to 2.0.1 causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted to 2048 bits. RFC 5054 states in section 2.5.4 Client Key Exchange The client key exchange message...
CVE-2025-5450
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted...
Schneider Electric System Monitor Application
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EcoStruxure
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Dover Fueling Solutions ProGauge MagLink LX consoles
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining control of the monitoring device, manipulating fueling operations, deleting system configurations, or deploying malware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
LS Electric GMWin 4
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Instantel Micromate (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Santesoft Sante DICOM Viewer Pro
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Johnson Controls iSTAR Configuration Utility (ICU) tool
RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain access to memory leaked from the ICU. This utility is only used to configure products that are no longer manufactured or supported. ICU is not used to configure the iSTAR Ultra and the current iSTAR G2...
CVE-2023-41719
A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution...