227 matches found
Franklin Fueling System TS-550
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...
Red Lion Crimson
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Red Lion Equipment : FlexEdge Gateway, DA50A, DA70A running Crimson Vulnerability : Improper Neutralization of Null Byte or NUL Character 2. RISK EVALUATION Successful exploitation of this...
Centralite Pearl Thermostat
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Centralite Equipment : Pearl Thermostat Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...
Rockwell Automation FactoryTalk Linx
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Linx Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to information...
Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports Vulnerability :...
Siemens SCALANCE W1750D
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Hitachi Energy AFS65x,AFF66x, AFS67x, and AFR67x Series Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : AFS65x, AFF66x, AFS67x, AFR67x Series Vulnerabilities : Incorrect Calculation, Integer Overflow or Wraparound, Improper Encoding or Escaping of Output, Exposure of...
Suprema BioStar 2
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Suprema Inc. Equipment : BioStar 2 Vulnerability : SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Rockwell Automation FactoryTalk View Machine Edition
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View Machine Edition Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Omron CJ/CS/CP Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Omron Equipment : Sysmac CJ/CS/CP Series Vulnerability : Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
ARDEREG Sistemas SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ARDEREG Equipment: Sistemas SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract...
PTC Kepware KepServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...
Hitachi Energy AFF66x
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF66x Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource...
ICONICS and Mitsubishi Electric Products
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION Successful...
​Siemens Software Center
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
Siemens RUGGEDCOM ROS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Mitsubishi Electric GOT2000 and GOT SIMPLE
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series and GOT SIMPLE Series Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Mitsubishi Electric GT and GOT Series Products
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this...
Rockwell Automation Select Communication Modules
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK,...
SpiderControl SCADAWebServer
1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition 3. TECHNICAL DETAILS...