Siemens RUGGEDCOM Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

WIN-911 2021

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: WIN-911 Equipment: WIN-911 2021 Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the misconfigured privileges to the...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Improper Initialization 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in the...

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

Siemens Healthineers syngo fastView (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Healthineers, a subsidiary of Siemens Equipment: syngo fastView --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Out-of-bounds Write, Write-what-where Condition --------- End Update A Part 1 of 2...

Mitsubishi Electric FA Engineering Software (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Vulnerabilities: Out-of-bounds Read, Integer Underflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05...

Delta Electronics CNCSoft

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure or an application crash. 3. TECHNICAL DETAILS 3.1...

Siemens JTTK and JT Utilities

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JTTK and JT Utilities Vulnerabilities: Out-of-bounds Write, Use after Free, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead the application to crash or...

Schneider Electric SESU

1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...

Philips MRI 1.5T and 3T (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Philips Equipment: MRI 1.5T and 3T Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...

Fuji Electric Tellus Lite V-Simulator and V-Server Lite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator, and V-Server Lite Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer,...

ICONICS GENESIS64 and Mitsubishi Electric MC Works64

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...

Trane Symbio (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Trane Equipment: Symbio 700 and Symbio 800 controllers Vulnerability: Code Injection 2. UPDATE INFORMATION The updated advisory is a follow-up to the original advisory titled ICSA-21-266-01 Trane Symbio that was published...

Siemens Desigo CC Family

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC Family Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...

Siemens LOGO! CMR and SIMATIC RTU 3000

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! CMR2020, LOGO! CMR2040 and SIMATIC RTU 3000 family Vulnerabilities: Incorrect Calculation of Buffer Size, Improper Certificate Validation 2. RISK EVALUATION Successful...

5 high-profile DDoS attacks that should chill you to the bone

Distributed denial of service DDoS attacks are malicious attempts to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Data revealed in the 2021 DDoS Threat Landscape Report strongly suggests attacks are constantly...

Delta Electronics DOPSoft (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-238-04 Delta Electronics DOPSoft that was...

Delta Electronics TPEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: TPEditor Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...