97 matches found
Siemens Simcenter STAR-CCM+
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Simcenter STAR-CCM+ contains an information disclosure vulnerability...
ICONICS Suite and Mitsubishi Electric MC Works64 Products (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite, MC Works64 Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, Out-of-Bounds Read 2...
CODESYS Gateway Server (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS GmbH Equipment: CODESYS Gateway Server Vulnerability: Heap Based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S...
Yokogawa CENTUM and ProSafe-RS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM and ProSafe-RS Vulnerabilities: OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors 2. RISK...
AVEVA System Platform
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: System Platform Vulnerability: Cleartext Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could expose cleartext credentials for the network user...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...
Siemens RUGGEDCOM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
WIN-911 2021
1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: WIN-911 Equipment: WIN-911 2021 Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the misconfigured privileges to the...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...
Mitsubishi Electric MELSEC-F Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Improper Initialization 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in the...
Omron CX-One
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...
Siemens Healthineers syngo fastView (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Healthineers, a subsidiary of Siemens Equipment: syngo fastView --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Out-of-bounds Write, Write-what-where Condition --------- End Update A Part 1 of 2...
Mitsubishi Electric FA Engineering Software (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Vulnerabilities: Out-of-bounds Read, Integer Underflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05...
Delta Electronics CNCSoft
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure or an application crash. 3. TECHNICAL DETAILS 3.1...
Siemens JTTK and JT Utilities
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JTTK and JT Utilities Vulnerabilities: Out-of-bounds Write, Use after Free, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead the application to crash or...
Schneider Electric SESU
1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...
Philips MRI 1.5T and 3T (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Philips Equipment: MRI 1.5T and 3T Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...
Fuji Electric Tellus Lite V-Simulator and V-Server Lite
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator, and V-Server Lite Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer,...
ICONICS GENESIS64 and Mitsubishi Electric MC Works64
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...
Trane Symbio (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Trane Equipment: Symbio 700 and Symbio 800 controllers Vulnerability: Code Injection 2. UPDATE INFORMATION The updated advisory is a follow-up to the original advisory titled ICSA-21-266-01 Trane Symbio that was published...