101 matches found
PT-2026-41991
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...
ABB B&R PVI
SUMMARY ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker who successfully exploited this vulnerability could read sensitive information in the logging data of the...
Rockwell Automation 432ES-IG3 Series A
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Rockwell Automation ArmorStart AOP
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test BIST mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where...
Rockwell Automation Lifecycle Services with VMware
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Honeywell Experion PKS (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
End-of-Train and Head-of-Train Remote Linking Protocol (Update C)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train which may lead to a disruption of operations, or induce brake failure. 2. RECOMMENDED PRACTICES CISA...
Dover Fueling Solutions ProGauge MagLink LX consoles
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining control of the monitoring device, manipulating fueling operations, deleting system configurations, or deploying malware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
TencentOS Server 2: git (TSSA-2023:0069)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0069 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
AVEVA PI Connector for CygNet
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to persist arbitrary code in the administrative portal of the product or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
AVEVA PI Web API
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Siemens SiPass
SUMMARY SiPass integrated ACC Advanced Central Controller devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for...
Rockwell Automation FactoryTalk Historian ThingWorx
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Schneider Electric EcoStruxure Power Build Rapsody
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Siemens Mendix OIDC SSO
SUMMARY The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released a new version for Mendix OIDC SSO and recommends to update...
Siemens SiPass Integrated
SUMMARY SiPass integrated versions before V2.95.3.18 contain an out of bounds read vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition. Siemens has released a new version for SiPass integrated and recommends to update to the latest version...
Horner Automation Cscape
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Delta Electronics ISPSoft
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...