
4214 matches found

ICS | added 2021/08/31 12:00 a.m. | 85 views

FANUC Robot Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: R-30iA and R-30iB series controllers Vulnerabilities: Integer Coercion Error, Out-of-bounds Write 2. UPDATE INFORMATION This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC...

CVSS 8.8 | AI score 8.6 | EPSS 0.01183 | Exploits 0 | References 5

ICS | added 2021/04/13 12:00 a.m. | 85 views

Siemens SINEMA Remote Connect Server

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Missing Release of Resource after Effective Lifetime, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVSS 7.5 | AI score 8.6 | EPSS 0.07836 | Exploits 0 | References 11

ICS | added 2021/03/09 12:00 a.m. | 85 views

Siemens TCP Stack of SIMATIC MV400

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC MV400 Vulnerabilities: Improper Validation of Specified Index, Position, or Offset in Input; Use of Insufficiently Random Values 2. RISK EVALUATION Successful...

CVSS 7.5 | AI score 8.4 | EPSS 0.01212 | Exploits 0 | References 9

ICS | added 2021/02/25 12:00 a.m. | 85 views

Rockwell Automation Logix Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...

CVSS 9.8 | AI score 8.6 | EPSS 0.25455 | Exploits 1 | References 5

ICS | added 2020/03/10 12:00 a.m. | 85 views

Siemens Spectrum Power 5

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power 5 Vulnerability: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 2. RISK EVALUATION Successful exploitation of this vulnerability could...

CVSS 6.1 | AI score 6.2 | EPSS 0.00766 | Exploits 0 | References 9

ICS | added 2019/09/10 12:00 a.m. | 85 views

Delta Electronics TPEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: TPEditor Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...

CVSS 7.8 | AI score 8.5 | EPSS 0.01906 | Exploits 0 | References 5

ICS | added 2015/12/04 7:00 a.m. | 85 views

Rockwell Automation FactoryTalk DLL Hijacking Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 3, 2015, and is being released to the NCCIC/ICS-CERT web site. Ivan Sanchez of NullCode & Evilcode Team has identified multiple DLL Hijacking vulnerabilities in a software component included with Rockwell...

CVSS 6.9 | AI score 6.3 | EPSS 0.00688 | Exploits 0 | References 10

ICS | added 2024/04/16 6:00 a.m. | 84 views

Rockwell Automation ControlLogix and GuardLogix (Update A)

1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

CVSS 8.6 | AI score 8.8 | EPSS 0.00637 | Exploits 0 | References 10

ICS | added 2024/02/13 12:00 a.m. | 84 views

Siemens SCALANCE XCM-/XRM-300

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.5 | AI score 10 | EPSS 0.03546 | Exploits 1 | References 12

ICS | added 2023/07/27 12:00 p.m. | 84 views

Preventing Web Application Access Control Abuse

SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and...

CVSS 7.5 | AI score 9.4 | EPSS 0.0247 | Exploits 0 | References 76

ICS | added 2023/01/19 12:00 a.m. | 84 views

Hitachi Energy PCU400

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400 Vulnerabilities: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition on...

CVSS 7.5 | AI score 8.5 | EPSS 0.91153 | Exploits 6 | References 3

ICS | added 2022/06/23 12:00 a.m. | 84 views

OFFIS DCMTK

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: OFFIS Equipment: DCMTK Vulnerabilities: Path Traversal, Relative Path Traversal, NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

CVSS 9.8 | AI score 9.2 | EPSS 0.02822 | Exploits 0 | References 5

ICS | added 2022/05/10 12:00 a.m. | 84 views

Eaton Intelligent Power Manager Infrastructure

1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager Infrastructure Vulnerabilities: Cross-site Scripting, Reflected Cross-site Scripting, Improper Neutralization of Formula in a CSV File 2. RISK EVALUATION...

CVSS 8 | AI score 6.8 | EPSS 0.00469 | Exploits 0 | References 5

ICS | added 2022/03/29 12:00 a.m. | 84 views

Omron CX-Position

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-Position Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful...

CVSS 7.8 | AI score 8.6 | EPSS 0.01985 | Exploits 0 | References 4

ICS | added 2021/10/26 12:00 a.m. | 84 views

Fuji Electric Tellus Lite V-Simulator and V-Server Lite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator, and V-Server Lite Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer,...

CVSS 7.8 | AI score 8.3 | EPSS 0.00981 | Exploits 0 | References 5

ICS | added 2021/06/24 12:00 a.m. | 84 views

Philips Interoperability Solution XDS

1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Philips Equipment: Interoperability Solution XDS Vulnerability: Clear Text Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the LDAP...

CVSS 7.5 | AI score 6 | EPSS 0.00423 | Exploits 0 | References 5

ICS | added 2021/04/15 12:00 p.m. | 84 views

Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Updated April 15, 2021: The U.S. Government attributes this activity to the Russian Foreign...

AI score 9.5 | Exploits 0 | References 72

ICS | added 2021/03/02 12:00 a.m. | 84 views

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: CompactLogix and ControlLogix controllers Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

CVSS 8.6 | AI score 7.3 | EPSS 0.0174 | Exploits 0 | References 5

ICS | added 2020/12/08 12:00 a.m. | 84 views

Siemens Embedded TCP/IP Stack Vulnerabilities-AMNESIA:33 (Update C)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: ENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5 Vulnerability: Integer Overflow 2. UPDATE INFORMATION This...

CVSS 7.5 | AI score 8.1 | EPSS 0.03912 | Exploits 0 | References 11

ICS | added 2019/03/14 12:00 a.m. | 84 views

PEPPERL+FUCHS WirelessHART-Gateways

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: PEPPERL+FUCHS Equipment: WirelessHART-Gateways Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to...

CVSS 5.3 | AI score 5.6 | EPSS 0.29816 | Exploits 1 | References 5

ICS | added 2018/05/17 12:00 a.m. | 84 views

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: FL SWITCH 3xxx/4xxx/48xx Series Vulnerabilities: Command Injection, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of...

CVSS 9.3 | AI score 8.4 | EPSS 0.04619 | Exploits 0 | References 5

ICS | added 2018/04/24 12:00 a.m. | 84 views

BD Pyxis

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Public exploits are available. Vendor: Becton, Dickinson and Company (BD) Equipment: Certain BD Pyxis Products Vulnerability: Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation,...

CVSS 8.1 | AI score 7.9 | EPSS 0.04575 | Exploits 1 | References 4

ICS | added 2017/01/17 12:00 a.m. | 84 views

GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-05 GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 17, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...

CVSS 6.7 | AI score 1.1 | EPSS 0.00369 | Exploits 0 | References 27

ICS | added 2015/07/02 6:00 a.m. | 84 views

Honeywell Experion PKS Directory Traversal Vulnerability

OVERVIEW Independent researcher Joel Langill identified a directory traversal vulnerability in Honeywell’s Experion PKS application. This vulnerability exists in all unsupported phased out versions of the application that is still in use by some customers. Honeywell has recommended users of the...

CVSS 5 | AI score 6.9 | EPSS 0.10361 | Exploits 6 | References 10

ICS | added 2022/09/23 12:00 p.m. | 83 views

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

Summary The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timelin...

CVSS 9.8 | AI score 9.7 | EPSS 0.99913 | Exploits 29 | References 22

ICS | added 2022/09/13 12:00 a.m. | 83 views

Siemens Simcenter Femap and Parasolid

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerabilities: Multiple File Parsing Vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution in the...

CVSS 7.8 | AI score 8.6 | EPSS 0.00232 | Exploits 0 | References 11

ICS | added 2022/06/30 12:00 a.m. | 83 views

Distributed Data Systems WebHMI

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Distributed Data Systems Equipment: WebHMI Vulnerabilities: Cross-site Scripting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVSS 9.1 | AI score 7.8 | EPSS 0.01011 | Exploits 0 | References 5

ICS | added 2022/04/14 12:00 p.m. | 83 views

Siemens OPC UA Protocol Stack Discovery Service (Update E)

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Improper restriction of XML external entity reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVSS 8.2 | AI score 8.1 | EPSS 0.02904 | Exploits 0 | References 32

ICS | added 2021/12/14 12:00 a.m. | 84 views

Siemens JT2Go and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Out-of-Bounds Write, Use of Uninitialized Variable, Out-of-Bounds Read, Off-by-One Error, Use-after-Free 2. RISK EVALUATION Successful exploitation of...

CVSS 7.8 | AI score 7.2 | EPSS 0.02031 | Exploits 0 | References 11

ICS | added 2021/07/13 12:00 a.m. | 83 views

Siemens PROFINET Devices

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Allocation of Resources Without Limits or Throttling 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVSS 8.7 | AI score 7.7 | EPSS 0.01856 | Exploits 0 | References 10

ICS | added 2021/04/29 12:00 a.m. | 83 views

Texas Instruments SimpleLink

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Texas Instruments Equipment: SimpleLink Wi-Fi, MSP432, CC13XX, CC26XX, CC32XX, CC3100 Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow or Wraparound 2. RISK EVALUATION Successful...

CVSS 9.8 | AI score 8.7 | EPSS 0.01752 | Exploits 0 | References 5

ICS | added 2021/01/12 12:00 a.m. | 83 views

Siemens SCALANCE X Switches (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X200, X200IRT, X300 Vulnerabilities: Use of Hard-coded Cryptographic Key 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

CVSS 5.9 | AI score 6.4 | EPSS 0.01176 | Exploits 0 | References 11

ICS | added 2019/12/10 12:00 p.m. | 83 views

Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities (Update B)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 8.8 | AI score 6.9 | EPSS 0.01852 | Exploits 0 | References 34

ICS | added 2019/09/10 12:00 a.m. | 83 views

ICSA-19-253-05 Siemens SIMATIC TDC CP51M1

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC TDC CP51M1 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition within UDP...

CVSS 7.5 | AI score 7.7 | EPSS 0.01461 | Exploits 0 | References 9

ICS | added 2018/05/08 12:00 a.m. | 83 views

Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable Remotely / Low skill level to exploit / Public exploits are available Vendors: Silex Technology, GE Healthcare Equipment: SX-500, SD-320AN, MobileLink Vulnerabilities: Improper Authentication, OS Command Injection 2. UPDATE INFORMATION...

CVSS 7.4 | AI score 7.9 | EPSS 0.01348 | Exploits 0 | References 5

ICS | added 2017/12/07 12:00 a.m. | 83 views

Rockwell Automation FactoryTalk Alarms and Events

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: FactoryTalk Alarms and Events Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of FactoryTalk Alarms and Events, a component of the Factory Talk Services...

CVSS 7.5 | AI score 8.1 | EPSS 0.04217 | Exploits 0 | References 3

ICS | added 2017/07/27 12:00 a.m. | 83 views

Rockwell Automation Allen-Bradley Stratix and ArmorStratix

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix and ArmorStratix Vulnerabilities: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software REPOSTED INFORMATION This advisory was originally poste...

CVSS 9 | AI score 9.5 | EPSS 0.70559 | Exploits 9 | References 2

ICS | added 2017/03/09 12:00 a.m. | 83 views

Schneider Electric ClearSCADA

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: ClearSCADA Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of ClearSCADA, server and communications driver processes, are affected: All supported version...

CVSS 7.5 | AI score 7.7 | EPSS 0.01711 | Exploits 0 | References 2

ICS | added 2016/09/25 6:00 a.m. | 83 views

WAGO Ethernet Web-based Management Authentication Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in WAGO’s Ethernet Web-based Management products. WAGO has produced firmware and workarounds to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS WAGO...

CVSS 9.1 | AI score 9.3 | EPSS 0.02125 | Exploits 0 | References 10

ICS | added 2024/03/05 7:00 a.m. | 82 views

Nice Linear eMerge E3-Series

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Nice Equipment: Linear eMerge E3-Series Vulnerabilities: Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with...

CVSS 10 | AI score 10 | EPSS 0.97136 | Exploits 49 | References 8

ICS | added 2024/02/20 7:00 a.m. | 82 views

Mitsubishi Electric Electrical discharge machines

1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...

CVSS 9.8 | AI score 9.6 | EPSS 0.95454 | Exploits 7 | References 8

ICS | added 2024/01/16 7:00 a.m. | 82 views

SEW-EURODRIVE MOVITOOLS MotionStudio

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access...

CVSS 7.5 | AI score 7.6 | EPSS 0.00541 | Exploits 0 | References 8

ICS | added 2024/01/11 7:00 a.m. | 82 views

Rapid Software LLC Rapid SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely, low attack complexity Vendor: Rapid Software LLC Equipment: Rapid SCADA Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource,...

CVSS 9.8 | AI score 7.8 | EPSS 0.01233 | Exploits 0 | References 10

ICS | added 2023/07/13 6:00 a.m. | 82 views

BD Alaris System with Guardrails Suite MX

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter Vulnerabilities: Insufficient Verification of Data Authenticity, Missing...

CVSS 9.8 | AI score 8.5 | EPSS 0.49839 | Exploits 0 | References 10

ICS | added 2023/05/10 9:13 p.m. | 82 views

Hitachi Energy MSM

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring (MSM) Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Capture-replay, Code Injection, Improper...

CVSS 9.8 | AI score 9.6 | EPSS 0.08848 | Exploits 11 | References 4

ICS | added 2022/03/31 12:00 a.m. | 82 views

Rockwell Automation Studio 5000 Logix Designer

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to download a modified program to the...

CVSS 7.7 | AI score 7.9 | EPSS 0.03398 | Exploits 0 | References 5

ICS | added 2021/10/14 12:00 a.m. | 82 views

Uffizio GPS Tracker

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Uffizio Equipment: GPS Tracker Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type, Open Redirect, Cross-site Scripting, Cross-site Request Forgery 2. RISK...

CVSS 9.8 | AI score 7.4 | EPSS 0.01837 | Exploits 0 | References 5

ICS | added 2021/08/10 12:00 a.m. | 82 views

Siemens Industrial Products Intel CPUs (Update F)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products...

CVSS 7.8 | AI score 8.7 | EPSS 0.00347 | Exploits 0 | References 12

ICS | added 2021/06/29 12:00 a.m. | 82 views

Claroty Secure Remote Access Site

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Claroty Equipment: Secure Remote Access (SRA) Site Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability enables an attacker with local Linux...

CVSS 5.5 | AI score 5.8 | EPSS 0.00216 | Exploits 0 | References 4

ICS | added 2020/07/24 12:00 p.m. | 82 views

Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP...

CVSS 10 | AI score 10 | EPSS 0.99999 | Exploits 59 | References 22

Total number of security vulnerabilities: 4214