1573 matches found
Siemens Desigo PXC and DXR Devices have unspecified vulnerabilities
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Siemens SIMATIC WinCC Kiosk Mode Incorrect Initialization Vulnerability
SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operators to control and monitor machines and equipment. A security vulnerability exists in Siemens SIMATIC WinC...
Eaton Intelligent Power Manager
1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager IPM v1 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the server virtualization automation design (Automation Design) SCADA system Yokogawa CENTUM VP’s network protocol implementation allows a hacker to exploit the functions provided by the AD server.
The vulnerability of the server network protocol implementation in the Automation Design SCADA system of Yokogawa CENTUM VP is related to errors during the authentication process. Exploiting this vulnerability allows a malicious actor to utilize the features provided by the AD server...
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element (CVE-2020-25182)
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
Schneider Electric Cleartext Transmission of Sensitive Information in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
Elcomplus SmartPPT Cross-Site Scripting Vulnerability
Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus USA. A cross-site scripting vulnerability exists in SmartPPT SCADA Server version v1.4, which allows an authenticated attacker to inject arbitrary JavaScript into critical parameters...
CVE-2021-46662
creationtimestamp | type | source
---|---|---
2022-04-17 20:59:51+00:00 | seen | https://t.me/cibsecurity/36611
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27447
creationtimestamp | type | source
---|---|---
2022-04-17 00:02:20+00:00 | seen | https://t.me/cibsecurity/40769
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27448
creationtimestamp | type | source
---|---|---
2022-04-14 16:19:05+00:00 | seen | https://t.me/cibsecurity/40761
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27457
creationtimestamp | type | source
---|---|---
2022-04-14 16:19:00+00:00 | seen | https://t.me/cibsecurity/40758
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27445
creationtimestamp | type | source
---|---|---
2022-04-14 16:18:55+00:00 | seen | https://t.me/cibsecurity/40753
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system ICS devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...
CVE-2022-27381
creationtimestamp | type | source
---|---|---
2022-04-13 00:17:09+00:00 | seen | https://t.me/cibsecurity/40687
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
CVE-2022-27387
creationtimestamp | type | source
---|---|---
2022-04-13 00:17:06+00:00 | seen | https://t.me/cibsecurity/40685
2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Siemens TIA Administrator Denial of Service Vulnerability
SIMATIC PCS neo is a distributed control system DCS. TIA Administrator is a web-based framework. Siemens Network Planner SINETPLAN supports you as a planner of PROFINET-based automation systems. TIA Portal is a PC A denial of service vulnerability exists in Siemens TIA Administrator, which can be...
Siemens Mendix
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows an intruder to trigger a service failure.
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a...
CVE-2022-21235
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection...