Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite, Mitsubishi Electric MC Works64 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Siemens PSS SINCAL

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Alisonic Sibylla

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...

Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens COMOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Rockwell Automation Logix Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability : Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this...

Siemens TIA Portal and SIMATIC STEP 7

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens TIA Administrator

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SENTRON 7KM PAC3x20

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Rockwell Automation ControlLogix and GuardLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable via adjacent network / low attack complexity Vendor : APsystems Equipment : Energy communication Unit ECU-C Power Control Software Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

Horner Automation Cscape

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Horner Automation Equipment : Cscape Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL...

Siemens SICAM A8000

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Schweitzer Engineering Laboratories SEL-411L

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schweitzer Engineering Laboratories Equipment : SEL-411L Vulnerability : Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability...

Delta Electronics DOPSoft

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DOPSoft Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3...

Mitsubishi Electric GX Works2

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 2.5 ATTENTION : Exploitable locally Vendor : Mitsubishi Electric Corporation Equipment : GX Works2 Vulnerability : Denial-of-Service 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a Denial-of-service DoS due to improper input...

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Equipment : MELSEC iQ-F/iQ-R Series Vulnerability : Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports Vulnerability :...

Rockwell Automation FactoryTalk View Machine Edition

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View Machine Edition Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Rockwell Automation Armor PowerFlex

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Rockwell Automation ​Equipment: Armor PowerFlex ​Vulnerability: Incorrect Calculation 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to send an influx of...