Lucene search
K

227 matches found

ICS
ICS
added 2022/06/21 12:0 a.m.128 views

Phoenix Contact ProConOS and MULTIPROG

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...

10CVSS9.9AI score0.01031EPSS
Exploits0References5
ICS
ICS
added 2022/06/21 12:0 a.m.81 views

JTEKT TOYOPUC

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...

9.8CVSS10AI score0.00982EPSS
Exploits0References4
ICS
ICS
added 2022/06/16 12:0 a.m.59 views

AutomationDirect DirectLOGIC with Ethernet

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Ethernet Communication Modules Vulnerabilities: Uncontrolled Resource Consumption, Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED...

9.1CVSS9AI score0.00858EPSS
Exploits0References4
ICS
ICS
added 2022/06/14 6:0 a.m.58 views

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, Q, and L Series CPU Module; MELIPC Series CPU Vulnerability : Improper Resource Locking 2. RISK EVALUATION Successful exploitation of this vulnerability...

7.8CVSS7.9AI score0.01556EPSS
Exploits0References10
ICS
ICS
added 2022/06/14 12:0 a.m.49 views

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series and iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition and/or...

10CVSS9.8AI score0.02059EPSS
Exploits0References4
ICS
ICS
added 2022/06/14 12:0 a.m.71 views

Siemens Teamcenter

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-167-13 Siemens Teamcenter that was...

8.8CVSS8.7AI score0.01256EPSS
Exploits0References11
ICS
ICS
added 2022/05/24 12:0 a.m.80 views

Matrikon OPC Server

1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command...

9CVSS7.7AI score0.00619EPSS
Exploits0References5
ICS
ICS
added 2022/05/24 12:0 a.m.62 views

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized user to send malicious messages to...

8.6CVSS7.9AI score0.01919EPSS
Exploits0References4
ICS
ICS
added 2022/05/19 12:0 a.m.56 views

Mitsubishi Electric MELSEC iQ-F Series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01...

8.6CVSS6.8AI score0.03679EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:24 a.m.28 views

October CMS Local File Inclusion

October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path i...

8.1CVSS7.3AI score0.02391EPSS
Exploits0References3Affected Software1
ICS
ICS
added 2022/05/10 12:0 a.m.75 views

Siemens Industrial Devices using libcurl

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-132-13 Siemens Industrial Devices using...

8.1CVSS8AI score0.60122EPSS
Exploits2References11
ICS
ICS
added 2022/04/26 12:0 a.m.40 views

Hitachi Energy System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...

7.5CVSS7.6AI score0.50732EPSS
Exploits1References4
ICS
ICS
added 2022/04/21 12:0 a.m.223 views

Hitachi Energy MicroSCADA Pro/X SYS600

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of...

9.3CVSS8.7AI score0.16296EPSS
Exploits5References5
ICS
ICS
added 2022/04/12 12:0 a.m.37 views

Siemens SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files...

7.5CVSS7.8AI score0.02446EPSS
Exploits1References11
ICS
ICS
added 2022/04/05 12:0 a.m.68 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to inject...

8.8CVSS8.9AI score0.0078EPSS
Exploits0References5
ICS
ICS
added 2022/03/31 12:0 a.m.80 views

Mitsubishi Electric FA Products

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: FA products Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay...

9.1CVSS7.9AI score0.0229EPSS
Exploits0References4
ICS
ICS
added 2022/03/31 12:0 a.m.101 views

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

10CVSS8.7AI score0.05013EPSS
Exploits0References5
ICS
ICS
added 2022/03/29 12:0 a.m.50 views

Hitachi Energy LinkOne WebView

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK...

7.5CVSS5.9AI score0.00725EPSS
Exploits0References5
ICS
ICS
added 2022/03/24 12:0 a.m.52 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

9CVSS9AI score0.01343EPSS
Exploits0References5
ICS
ICS
added 2022/03/08 12:0 a.m.80 views

Siemens Polarion ALM

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-069-08 Siemens Polarion ALM that...

6.1CVSS6.9AI score0.00733EPSS
Exploits0References11
Rows per page
Query Builder