Ilevia EVE X1 Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and the disclosure of sensitive system information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

KiloView Encoder Series (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

Brightpick Mission Control / Internal Logic Control

RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of sensitive information and the manipulation of critical functions by an attacker. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

Rockwell Automation Arena

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

Growatt Cloud Applications

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise confidentiality, achieve cross-site scripting, or code execution on affected devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

Subnet Solutions PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Subnet Solutions Inc. Equipment : Subnet PowerSYSTEM Center Vulnerability : Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...

Schneider Electric EcoStruxure Foxboro DCS Core Control Services

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CAREL Boss-Mini

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Crestron AM-300

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION : Low attack complexity Vendor : Crestron Equipment : AM-300 Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3...

Integration Objects OPC UA Server Toolkit (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Integration Objects Equipment : OPC UA Server Toolkit Vulnerability : Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

FANUC ROBOGUIDE-HandlingPRO

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected...

Hitachi Energy MicroSCADA Pro X SYS600

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerability: NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the affected...

JTEKT TOYOPUC Products

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC products Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

Fuji Electric Alpha5 Smart Loader (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: Alpha5 Smart Loader Vulnerabilities: Classic Buffer Overflow, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...

Siemens SINAMICS S/G Authentication Bypass Vulnerability

OVERVIEW Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could...

Reading material

Stuxnet expert and industry gadfly Ralph Langner was in attendance at S4 this year, as he has been in past years. This year, however, Langner had a new book to promote: Robust Control System Networks – a kind of call to arms for the industrial control sector to respond to a ‘post Stuxnet’ world...

IntelliCom NetBiter Config HICP hostname buffer overflow

Overview The IntelliCom NetBiter Config HICP configuration utility has a buffer overflow vulnerability that can be triggered by a specially crafted hostname hn value. An attacker with network access could exploit this vulnerability to execute arbitrary code with the privileges of the user running...