Siemens Energy Services
SUMMARY Energy Services from Siemens, previously known as Managed Applications and Services, sells solutions using Elspec G5 devices that allow a person with physical access to the device to reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB...
Samsung HVAC DMS
RISK EVALUATION Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
LG Innotek Camera Model LNV5110R
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Mitsubishi Electric CNC Series (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
CISA Recommends Segmentation & Zero Trust to Combat Interlock Ransomware
...
Lantronix Provisioning Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Leviton AcquiSuite and Energy Monitoring Hub
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would get executed in a client browser when accessed by a user, steal session tokens and control the service. 2. RECOMMENDED PRACTICES CISA recommends users...
LITEON IC48A and IC80A EV Chargers
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information when accessing the Liteon EV chargers. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS before V4.0 is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and execute arbitrary code. Siemens has released a new version for SINEC NMS and recommends updating to the latest version. Siemens is preparing further fix versions...
Manufacturing Security: Why Default Passwords Must Go
If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's defaul...
Mitsubishi Electric MELSEC iQ-F Series
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition for legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. When the product repeatedly receives unauthorized logins from an attacker, legitimate...
Mitsubishi Electric MELSOFT Update Manager (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter information, or cause a denial-of-service (DoS) condition. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk...
Voltronic Power and PowerShield UPS monitoring software
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to remotely make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures...
Mitsubishi Electric Air Conditioning Systems (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform...
Delta Electronics CNCSoft
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds...
Fuji Electric Smart Editor
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Santesoft Sante DICOM Viewer Pro
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Johnson Controls iSTAR Configuration Utility (ICU) tool
RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain access to memory leaked from the ICU. This utility is only used to configure products that are no longer manufactured or supported. ICU is not used to configure the iSTAR Ultra and the current iSTAR G2...
ABUP IoT Cloud Platform
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Siemens RUGGEDCOM ROX II
SUMMARY The web interface of RUGGEDCOM ROX II devices contains multiple Client-Side Enforcement of Server-Side Security vulnerabilities that could allow an attacker with a legitimate, highly privileged account on the web interface to get privileged code execution in the underlying OS of the...