CVE-2026-4204

Affected products: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW, DNS-321, DNR-322L, DNS-323, DNS-325/326/327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04. Root cause: The CGI endpoints in /cgi-bin/gui_mgr.cgi (cgi_myfavorite_add/…/cgi_mycloud_au...

D-Link多款产品 命令注入漏洞

D-Link DNS-320, etc., are products of D-Link Corporation, a Chinese company. The D-Link DNS-320 is a NAS Network Attached Storage device. The D-Link DNS-120 is a network storage adapter. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection...

Rockwell Automation Stratix

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

Dover Fueling Solutions ProGauge MagLink LX4 Devices

RISK EVALUATION Successful exploitation of these vulnerabilities could result in a remote attacker causing a denial-of-service condition or gaining administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

Mitsubishi Electric CNC Series (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

Siemens Siveillance Video

SUMMARY The installer of Siveillance Video V2024 R1 resets the system configuration password when updating from older versions of Siveillance Video. This could inadvertently remove the password protection from system configuration files, also affecting backup data sets that were created after...

Siemens VersiCharge AC Series EV Chargers

SUMMARY VersiCharge AC Series EV Chargers contain two vulnerabilities that could allow an attacker to gain control of the chargers through default Modbus port or execute arbitrary code by manipulating the M0 firmware. Siemens has released new versions for several affected products and recommends...

Siemens SENTRON 7KT PAC1260 Data Manager

SUMMARY SENTRON 7KT PAC1260 Data Manager is affected by multiple vulnerabilities as listed below. Software fixes can no longer be provided for The SENTRON 7KT PAC1260 Data Manager. This advisory documents the known open vulnerabilities. To fix the vulnerabilities, Siemens recommends to replace...

Siemens SIMATIC IPC Family, ITP1000, and Field PGs

SUMMARY Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and...

Siemens SINEMA Remote Connect Server

SUMMARY SINEMA Remote Connect Server before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...

HMS Networks Ewon Flexy 202

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...

Siemens SIPORT

SUMMARY SIPORT before V3.4.0 contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released a new version for SIPORT and recommends to...

Siemens NX

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Yokogawa CENTUM

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Yokogawa Equipment : CENTUM Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

CAREL Boss-Mini

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View SE Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an outside attacker...

AVEVA PI Web API

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : PI Web API Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...

RoboDK RoboDK

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker crashing the program through heap-based buffer...

Subnet Solutions Inc. PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary...

Siemens JT Open and JT Utilities

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...