55 matches found
CVE-2025-54603
creationtimestamp| type| source
---|---|---
2025-10-30 19:29:51+00:00| seen| https://www.darkreading.com/ics-ot-security/claroty-patches-authentication-bypass-flaw
2025-11-01 14:40:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3m4l7upujag22...
CVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...
EUVD-2025-34434
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...
CVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...
Claroty Secure Access Security Vulnerability
Claroty Secure Access is a remote secure access management platform from Claroty USA. A security vulnerability exists in Claroty Secure Access versions 3.3.0 through 4.0.2, which stems from an incorrect OIDC authentication process that could result in an unauthorized user creating or impersonatin...
PT-2025-42006
Name of the Vulnerable Software and Affected Versions: Claroty Secure Access versions 3.3.0 through 4.0.2. Description: An incorrect OpenID Connect (OIDC) authentication flow can lead to unauthorized user creation or impersonation of existing OIDC users. Recommendations: Update Claroty Secure Access to...
CVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users...
CVE-2025-54603
The CVE-2025-54603 entry affects Claroty Secure Access versions 3.3.0 through 4.0.2. The root cause is an incorrect OIDC authentication flow, which can enable unauthorized user creation or impersonation of existing OIDC users. The vulnerability is described with network attack surface and a low t...
EUVD-2021-19679
Malware in sbrugna...
CVE-2021-32958
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With acces...
CVE-2024-7847
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a...
CVE-2024-7847 RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a...
CVE-2024-7847 RSLogix™ 5 and RSLogix 500® Remote Code Execution Via VBA Embedded Script
VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. The following vulnerabilities were reported to us by Sharon Brizinov of Claroty Research - Team82. A feature in the affected products enables users to prepare a...
Optigo Networks ONS-S8 - Spectra Aggregation Switch
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...
Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access
A high-severity security bypass vulnerability has been disclosed in Rockwell Automation ControlLogix 1756 devices that could be exploited to execute common industrial protocol (CIP) programming and configuration commands. The flaw, which is assigned the CVE identifier CVE-2024-6242, carries a CVSS...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability: Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this...
Walchem Intuition 9
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion D...
Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon...
ICONICS and Mitsubishi Electric Products
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write arbitrary files. 3. TECHNICAL...