227 matches found
Phoenix Contact ProConOS and MULTIPROG
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ProConOS/ProConOS eCLR and MULTIPROG Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details...
JTEKT TOYOPUC
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...
AutomationDirect DirectLOGIC with Ethernet
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Ethernet Communication Modules Vulnerabilities: Uncontrolled Resource Consumption, Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED...
Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, Q, and L Series CPU Module; MELIPC Series CPU Vulnerability : Improper Resource Locking 2. RISK EVALUATION Successful exploitation of this vulnerability...
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series and iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition and/or...
Siemens Teamcenter
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-167-13 Siemens Teamcenter that was...
Matrikon OPC Server
1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Matrikon, a subsidiary of Honeywell Equipment: Matrikon OPC Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote command...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized user to send malicious messages to...
Mitsubishi Electric MELSEC iQ-F Series
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01...
October CMS Local File Inclusion
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php makeFileContents function that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path i...
Siemens Industrial Devices using libcurl
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-132-13 Siemens Industrial Devices using...
Hitachi Energy System Data Manager
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...
Hitachi Energy MicroSCADA Pro/X SYS600
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of...
Siemens SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to inject...
Mitsubishi Electric FA Products
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: FA products Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...
Hitachi Energy LinkOne WebView
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...
Siemens Polarion ALM
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-069-08 Siemens Polarion ALM that...