
27 matches found

CISA
added 2024/12/13 12:0 p.m. | 9 views

CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector

Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces HM...

7.2 AI score
Exploits 0 | References 3

ICS
added 2024/08/08 6:0 a.m. | 32 views

Dorsett Controls InfoScan

1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these...

7.5 CVSS | 5.7 AI score | 0.00384 EPSS
Exploits 0 | References 10

ICS
added 2024/06/27 6:0 a.m. | 31 views

SDG Technologies PnPSCADA

1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various...

9.3 CVSS | 6.4 AI score | 0.00656 EPSS
Exploits 0 | References 10

The Hacker News
added 2024/03/20 5:48 a.m. | 25 views

U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the...

7.3 AI score
Exploits 0

ICS
added 2023/07/21 6:0 a.m. | 46 views

Walchem Intuition 9

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

8.8 CVSS | 8.3 AI score | 0.00508 EPSS
Exploits 0 | References 8

ICS
added 2022/09/13 12:0 a.m. | 26 views

Kingspan TMS300 CS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Kingspan Equipment: TMS300 CS Vulnerability: Improper Authentication 2. RISK EVALUATION The TMS300 CS system does not properly restrict access to endpoints, and successful exploitation of this...

9.8 CVSS | 9.7 AI score | 0.0067 EPSS
Exploits 0 | References 6

ICS
added 2022/02/01 12:0 a.m. | 49 views

Advantech ADAM-3600

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic...

9.8 CVSS | 9.9 AI score | 0.01211 EPSS
Exploits 0 | References 5

ICS
added 2021/11/30 12:0 a.m. | 46 views

Xylem Aanderaa GeoView

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Xylem, Inc. Equipment: Aanderaa GeoView Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate the database server. 3...

9.8 CVSS | 9.7 AI score | 0.01984 EPSS
Exploits 0 | References 4

ICS
added 2021/10/25 12:0 p.m. | 21 views

Ongoing Cyber Threats to U.S. Water and Wastewater Systems

Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This advisory uses the MITRE Adversarial Tactics, Technique...

9.8 AI score
Exploits 0 | References 55

HackRead
added 2021/10/15 3:38 p.m. | 17 views

CISA – Ransomware targeted SCADA systems of 3 US water facilities

By Deeba Ahmed. US has warned of more ransomware attacks on IT and OT networks of country's Water and Wastewater Systems (WWS) Sector facilities. This is a post from HackRead.com Read the original post: CISA - Ransomware targeted SCADA systems of 3 US water facilities...

6.9 AI score
Exploits 0

ICS
added 2021/08/17 12:0 a.m. | 104 views

xArrow SCADA

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: xArrow Equipment: xArrow SCADA Vulnerabilities: Cross-site Scripting, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution...

7.8 CVSS | 7.2 AI score | 0.00715 EPSS
Exploits 0 | References 6

ICS
added 2021/01/05 12:0 a.m. | 91 views

Schneider Electric Web Server on Modicon M340

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Classic Buffer Overflow 2. RISK...

8.8 CVSS | 9.5 AI score | 0.01087 EPSS
Exploits 0 | References 5

ICS
added 2020/11/24 12:0 a.m. | 67 views

Rockwell Automation FactoryTalk Linx

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Improper Input Validation, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

9.8 CVSS | 9 AI score | 0.05461 EPSS
Exploits 0 | References 4

ICS
added 2020/09/17 12:0 a.m. | 56 views

Advantech WebAccess Node

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their...

7.8 CVSS | 8 AI score | 0.0038 EPSS
Exploits 0 | References 5

ICS
added 2020/09/10 12:0 a.m. | 38 views

HMS Networks Ewon Flexy and Cosy

1. EXECUTIVE SUMMARY CVSS v3 2.3 ATTENTION: Low skill level to exploit Vendor: HMS Networks Equipment: Ewon Flexy and Cosy Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to retrieve...

2.3 CVSS | 4 AI score | 0.0034 EPSS
Exploits 0 | References 5

ICS
added 2020/08/25 12:0 a.m. | 72 views

WECON LeviStudioU (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd (WECON) Equipment: LeviStudioU --------- Begin Update C Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based...

7.8 CVSS | 8.3 AI score | 0.12007 EPSS
Exploits 0 | References 5

ICS
added 2020/04/07 12:0 a.m. | 105 views

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/NMS Vulnerabilities: Unrestricted Upload of File with Dangerous Type, SQL Injection, Relative Path Traversal, Missing Authentication for Critical Function, Improper...

10 CVSS | 9.3 AI score | 0.14327 EPSS
Exploits 0 | References 5

ICS
added 2019/10/10 12:0 p.m. | 68 views

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...

6.9 CVSS | 7 AI score | 0.00378 EPSS
Exploits 0 | References 55

ICS
added 2018/12/20 12:0 a.m. | 124 views

Schneider Electric EcoStruxure

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to...

6.1 CVSS | 6.6 AI score | 0.00755 EPSS
Exploits 0 | References 5

ICS
added 2018/04/26 12:0 a.m. | 1066 views

WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI Editor, and PI Studio HMI Project Programmer Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

6.8 CVSS | 6.3 AI score | 0.00732 EPSS
Exploits 0 | References 5