Lucene search
K

4251 matches found

ICS
ICS
added 3 days ago1 views

Deloitte AI Assist for Customer multiple vulnerabilities

RISK EVALUATION Deloitte AI Assist for Customer contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could read or write data to the RAG corpus or make limited modifications to configurations. 2. RECOMMENDED PRACTICES Use only the most recent available...

6.9CVSS0.00279EPSS
Exploits0References1
ICS
ICS
added 4 days ago1 views

LibreBooking path traversal

RISK EVALUATION LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. 2. RECOMMENDED...

8.6CVSS0.0084EPSS
Exploits1References1
ICS
ICS
added 4 days ago1 views

Superior Court of California Hearing Reminder Service unauthenticated information disclosure

RISK EVALUATION The Hearing Reminder Service for the Superior Court of California at https://www.hrs.courts.ca.gov exposes an API endpoint that returns sensitive court reminder records without authentication. 2. RECOMMENDED PRACTICES Fixed April 28th, 2026. 3. DESCRIPTION The Superior Court of...

6.9CVSS0.00272EPSS
Exploits0References1
ICS
ICS
added 4 days ago1 views

Allwinner TV Box TV98 ADB exposed on network

RISK EVALUATION Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access. 2. RECOMMENDED PRACTICES Contact Allwinner. 3. DESCRIPTION Allwinner H616 TV Box TV98...

8.8CVSS0.00242EPSS
Exploits0References1
ICS
ICS
added 4 days ago5 views

OpenPLC v3

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution...

9.9CVSS6.5AI score0.00616EPSS
Exploits0References13
ICS
ICS
added 6 days ago4 views

Hydro-Québec Le Circuit Electrique charging station backend

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References11
ICS
ICS
added 6 days ago11 views

Digi International PortServer TS, Digi One SP IA

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...

5.7AI score
Exploits0References11
ICS
ICS
added 6 days ago12 views

Labcenter Proteus 9

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

6.7AI score
Exploits0References13
ICS
ICS
added 6 days ago4 views

FluxInk Color Management Driver local privilege escalation

RISK EVALUATION An attacker with a standard user account on a device could escalate their privileges via arbitrary physical memory mapping at \Device\PhysicalMemory. 2. RECOMMENDED PRACTICES Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK Hardware Lab...

8.4CVSS6AI score0.00101EPSS
Exploits0References1
ICS
ICS
added 2026/07/02 5:50 p.m.4 views

Cloudflare Universal SSL CAA record override

RISK EVALUATION Cloudflare customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so...

7.6CVSS5.9AI score0.00135EPSS
Exploits0References1
ICS
ICS
added 2026/07/02 6:0 a.m.15 views

CubeSpace CW0057 Reaction Wheel

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network...

5.2CVSS5.9AI score0.00116EPSS
Exploits0References13
ICS
ICS
added 2026/07/02 6:0 a.m.46 views

ST Engineering iDirect iQ-Series Terminals

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

5.8AI score
Exploits0References13
ICS
ICS
added 2026/07/02 5:0 a.m.12 views

Gardyn IoT Hub

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize...

6AI score
Exploits0References11
ICS
ICS
added 2026/06/30 6:0 a.m.8 views

Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is...

6.4AI score
Exploits0References12
ICS
ICS
added 2026/06/30 6:0 a.m.11 views

StoneFly Storage Concentrator

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. 2. RECOMMENDED...

6.3AI score
Exploits0References13
ICS
ICS
added 2026/06/30 6:0 a.m.6 views

Delta Electronics DVP12SE PLC

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. 2. RECOMMENDED PRACTICES CISA recommends users...

9.3CVSS5.8AI score0.0031EPSS
Exploits0References13
ICS
ICS
added 2026/06/30 6:0 a.m.4 views

Frangoteam FUXA SCADA/HMI

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References13
ICS
ICS
added 2026/06/30 6:0 a.m.18 views

OFFIS DCMTK Toolkit

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...

5.7AI score
Exploits0References13
ICS
ICS
added 2026/06/30 12:0 a.m.3 views

Hitachi Energy PROMOD V

SUMMARY Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or...

7CVSS6AI score0.00347EPSS
Exploits0References10
ICS
ICS
added 2026/06/30 12:0 a.m.4 views

Hitachi Energy e-mesh EMS

SUMMARY Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages denial of service and...

9.2CVSS8AI score0.61469EPSS
Exploits40References10
ICS
ICS
added 2026/06/30 12:0 a.m.9 views

Siemens Mendix Studio Pro

SUMMARY Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user...

6.8CVSS6.4AI score0.00193EPSS
Exploits0References10
ICS
ICS
added 2026/06/26 4:8 p.m.8 views

extract-zip unvalidated symlink path traversal

RISK EVALUATION extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References1
ICS
ICS
added 2026/06/25 6:0 a.m.8 views

Delta Electronics DTM Soft

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...

8.4CVSS6.2AI score0.00388EPSS
Exploits0References13
ICS
ICS
added 2026/06/25 6:0 a.m.8 views

Yokogawa FAST/TOOLS and CI Server

ADVISORY SUMMARY Successful exploitation of this vulnerability may return a response containing the CI Server setting information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...

8.2CVSS5.8AI score0.00217EPSS
Exploits0References11
ICS
ICS
added 2026/06/25 6:0 a.m.20 views

OHIF Viewers DICOM

ADVISORY SUMMARY Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.3CVSS6AI score0.00232EPSS
Exploits0References13
ICS
ICS
added 2026/06/25 6:0 a.m.14 views

H.VIEW HV-500S6 IP Camera

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

6.4AI score
Exploits0References13
ICS
ICS
added 2026/06/25 6:0 a.m.9 views

Horner Automation Cscape

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network...

8.4CVSS6.1AI score0.00134EPSS
Exploits0References13
ICS
ICS
added 2026/06/25 6:0 a.m.13 views

pydicom pynetdicom Library

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...

9.1CVSS6AI score0.00434EPSS
Exploits0References11
ICS
ICS
added 2026/06/25 6:0 a.m.51 views

Daktronics Controller Firmware

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

6.1AI score
Exploits0References11
ICS
ICS
added 2026/06/25 5:0 a.m.9 views

EVoke Systems Charging Station Management System

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

9.4CVSS5.9AI score0.00378EPSS
Exploits0References11
ICS
ICS
added 2026/06/23 6:0 a.m.17 views

Hubbell Aclara Metrum Cellular Web Interface

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References11
ICS
ICS
added 2026/06/18 3:56 p.m.8 views

Webmin multiple vulnerabilities

RISK EVALUATION Webmin contains multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could impersonate and authenticate as any user. 2. RECOMMENDED PRACTICES Update to most recent available version of Webmin. 3. DESCRIPTION The Webmin HTTP server miniserv.pl allows...

9.2CVSS6AI score0.00285EPSS
Exploits0References1
ICS
ICS
added 2026/06/18 3:45 p.m.8 views

U.S. GAO EPDS and CBCA EDS multiple vulnerabilities

RISK EVALUATION The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could change all users'...

6.1AI score
Exploits0References1
ICS
ICS
added 2026/06/18 6:0 a.m.31 views

Rockwell Automation FactoryTalk Historian Site Edition

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

5.5AI score
Exploits0References13
ICS
ICS
added 2026/06/18 6:0 a.m.13 views

AzeoTech DAQFactory (Update A)

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

8.4CVSS6.2AI score0.00148EPSS
Exploits0References11
ICS
ICS
added 2026/06/18 6:0 a.m.15 views

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

5.6AI score
Exploits0References11
ICS
ICS
added 2026/06/18 6:0 a.m.14 views

AVer PTC cameras

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or...

9.8CVSS6.2AI score0.00616EPSS
Exploits0References13
ICS
ICS
added 2026/06/18 12:0 a.m.13 views

Mitsubishi Electric MELSEC iQ-F Series

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection...

8.7CVSS5.8AI score0.00379EPSS
Exploits0References9
ICS
ICS
added 2026/06/18 12:0 a.m.11 views

Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time,...

8.7CVSS5.7AI score0.00367EPSS
Exploits0References9
ICS
ICS
added 2026/06/17 6:58 p.m.7 views

ServerCo getssl ACME shell script path injection

RISK EVALUATION In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An...

9.8CVSS6AI score0.00934EPSS
Exploits0References1
ICS
ICS
added 2026/06/16 6:0 a.m.27 views

Rockwell Automation FLEX I/O EtherNet/IP Adapters

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

5.5AI score
Exploits0References13
ICS
ICS
added 2026/06/16 6:0 a.m.70 views

Rockwell Automation CompactLogix

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for...

5.5AI score
Exploits0References13
ICS
ICS
added 2026/06/16 6:0 a.m.58 views

Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP

ADVISORY SUMMARY Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault MNRF. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability...

8.7CVSS5.3AI score0.00302EPSS
Exploits0References13
ICS
ICS
added 2026/06/16 6:0 a.m.41 views

RSLinx Classic Third-Party Vulnerability

ADVISORY SUMMARY Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

7.5CVSS7.8AI score0.03388EPSS
Exploits1References13
ICS
ICS
added 2026/06/16 6:0 a.m.28 views

Rockwell Automation FactoryTalk Analytics PavilionX

ADVISORY SUMMARY Successful exploitation of this vulnerability could result in an attacker executing privileged operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

8.3CVSS5.6AI score0.00235EPSS
Exploits0References11
ICS
ICS
added 2026/06/11 6:0 a.m.22 views

Yarbo Android/iOS Mobile Application and Cloud Infrastructure

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to the robot fleet. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

5.6AI score
Exploits0References13
ICS
ICS
added 2026/06/11 6:0 a.m.18 views

Brickcom Cameras

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. 2. RECOMMENDED PRACTICES...

5.5AI score
Exploits0References13
ICS
ICS
added 2026/06/11 6:0 a.m.35 views

Naxclow IoT Platform

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

5.7AI score
Exploits0References13
ICS
ICS
added 2026/06/11 12:30 a.m.9 views

Impact of Linux Kernel vulnerabilities on B&R products

SUMMARY B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public...

5.8AI score
Exploits0References11
ICS
ICS
added 2026/06/10 12:30 a.m.5 views

XZ Utils vulnerability impacting B&R Products

SUMMARY An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. 2. FREQUENTLY ASKED QUESTIONS Could the vulnerability be...

8.7CVSS7AI score0.00647EPSS
Exploits0References11
Total number of security vulnerabilities4251