ICSA-19-192-03 Siemens TIA Administrator (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Low skill level to exploit Vendor : Siemens Equipment : TIA Administrator TIA Portal Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an execution of some commands without proper...

BD Alaris Gateway Workstation

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BD Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of...

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : WAGO Equipment : Industrial Managed Switches 852-303, 852-1305, and 852-1505 Vulnerabilities : Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known...

Siemens SIMATIC WinCC and SIMATIC PCS 7

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS 7 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric Equipment: Communicator Vulnerabilities: Uncontrolled Search Path, Use of Hard-coded Credentials, Improper Access Controls 2. RISK EVALUATION Successful exploitation of these...

AVEVA InduSoft Web Studio and InTouch Edge HMI

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : AVEVA Software, LLC AVEVA Equipment : InduSoft Web Studio and InTouch Edge HMI formerly InTouch Machine Edition Vulnerabilities : Missing Authentication for Critical Function, Resource Injection...

Siemens TIM 1531 IRC Modules

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...

Cybersecurity Threats to Precision Agriculture

DHS has released a report to address cybersecurity threats to new precision agriculture technologies used in crop and livestock production. Precision agriculture employs a variety of embedded and connected technologies to generate data used to enhance agricultural and livestock management. As...

Schneider Electric Modicon M221

1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely...

AVEVA Wonderware License Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: Wonderware License Server Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

WAGO e!DISPLAY Web-Based-Management

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available Vendor: WAGO Equipment: e!DISPLAY Web-Based-Management WBM Vulnerabilities: Cross-site Scripting, Unrestricted Upload of File with Dangerous Type, and Incorrect Permissions fo...

Yokogawa CENTUM and Exaopc

1. EXECUTIVE SUMMARY CVSS v3 6.5 Vendor : Yokogawa Equipment : CENTUM series and Exaopc Vulnerability : Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to generate false system or process alarms, or block...

Geutebruck IP Cameras

CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Improper Authentication, SQL Injection, Cross-Site Request Forgery, Improper Access Control, Server-Side Request Forgery, Cross-site Scripting AFFECTED PRODUCTS...

OSIsoft PI Vision

CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Vision Vulnerabilities: Protection Mechanism Failure, Information Exposure AFFECTED PRODUCTS The following versions of PI Vision, a data visualization framework, are affected: PI Vision versions...

OSIsoft PI Data Archive

CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft Equipment: PI Data Archive Vulnerabilities: Deserialization of Untrusted Data, Improper Input Validation, Incorrect Default Permissions AFFECTED PRODUCTS The following versions of PI Data Archive, a data stora...

Moxa OnCell G3100-HSPA Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell G3100-HSPA Series Vulnerabilities: Reliance on Cookies without Validation and Integrity Checking, Improper Handling of Length Parameter Inconsistency, NULL Pointer Dereference AFFECTED PRODUCTS...

3S-Smart Software Solutions GmbH CODESYS Web Server

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Web Server Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS All Microsoft Windows also WinCE based CODESYS web servers running stand-alone Version 2.3, o...