Siemens SCALANCE and SIMATIC (Update H)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC...

Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of a Broken or Risky...

Philips Veradius Unity, Pulsera, and Endura Dual WAN Routers

1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Philips Equipment: Veradius Unity, Pulsera, and Endura Dual WAN Router Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the management interface of the front end router...

Omron PLC CJ and CS Series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Omron Equipment : PLC CJ and CS Series Vulnerabilities : Authentication Bypass by Spoofing, Authentication Bypass by Capture-replay, Unrestricted Externally Accessible Lock 2. UPDATE This updated...

Yokogawa Products

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Yokogawa Equipment: Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

Trane Tracer SC Sensitive Information Exposure Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel. Trane U.S. Inc. has produced an update to mitigate this vulnerability. Maxim Rupp has tested the update to validate that it resolves the vulnerability. This...

Certec atvise webMI2ADS Vulnerabilities

Overview This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-283-02 – Certec atvise webMI Vulnerabilities, released to the ICS-CERT web page on October 10, 2011. Independent researcher Luigi Auriemma has identified vulnerabilities in Certec’s webMI2ADS application. These...

Mitsubishi Electric Factory Automation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple Factory Automation Products Vulnerabilities : Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type 'Type Confusion'...

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess Node Vulnerabilities: Improper Control of Generation of Code 'Code Injection', Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation...

FATEK Automation FvDesigner

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: FATEK Automation Equipment: FvDesigner Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

Siemens Teamcenter

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Command Injection, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to command injection and denial-of-service...

Siemens SCALANCE LPE 4903 and SINUMERIK Edge

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SCALANCE LPE 4903 and SINUMERIK Edge Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unprivileged local user to escalate privileges and...

Emerson WirelessHART Gateway

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: WirelessHART Gateway Vulnerabilities: Missing Authentication for Critical Function, Improper Input Validation, Improper Limitation of a Pathname to a Restricted Directory,...

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...

ThroughTek Kalay P2P SDK

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: ThroughTek Equipment: Kalay P2P SDK Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could permit remote code execution and unauthorized access to...

Siemens SCALANCE FragAttacks

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE family devices Vulnerabilities: Improper Authentication, Injection, Improper Validation of Integrity Check, Improper Input Validation 2. RISK EVALUATION Successful...

Hillrom Medical Device Management (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hillrom Equipment: Welch Allyn medical device management tools Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

Johnson Controls Sensormatic Electronics VideoEdge

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: VideoEdge Vulnerability: Off-by-one Error 2. RISK EVALUATION Under specific circumstances, a local authenticated user may be able to exploit this...

Mitsubishi Electric MELSEC iQ-R, Q, and L Series (Update E)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, Q, and L Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...

Mitsubishi Electric Factory Automation Products Path Traversal (Update C)

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation products Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

Dridex Malware

Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group CIG and the Department of the Treasury’s Financial Crimes Enforcement Network FinCEN to identify and share information with the financial services sector...

Rockwell Automation FactoryTalk View SE

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerabilities: Cleartext Storage of Sensitive Information, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead...

Honeywell NOTI-FIRE-NET Web Server (NWS-3)

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: NOTI-FIRE-NET Web Server NWS-3 Vulnerabilities: Authentication Bypass by Capture-replay, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Honeywell equIP and Performance Series IP Cameras and Recorders

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: equIP series and Performance series IP cameras and recorders Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could result in...

ICSA-18-023-02 Siemens Industrial Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

ICSA-17-236-01_Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455

CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Westermo Equipment: MRD-305-DIN, MRD-315, MRD-355, and MRD-455 Vulnerabilities: Cross-Site Request Forgery CSRF, Use of Hard-Coded Credentials, and Use of Hard-Coded Cryptographic Key AFFECTED PRODUCTS The following...

Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-343-05 Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability that was published January 5, 2017, on the NCCIC/ICS-CERT web site. Rockwell Automation has identified a buff...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Increased Truebot Activity Infects U.S. and Canada Based Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and the Canadian Centre for Cyber Security CCCS are releasing this joint Cybersecurity Advisory CSA in response to cyber...

Autodesk FBX SDK

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Autodesk Equipment: FBX SDK Vulnerability: Out-of-bounds Read, Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution or a...

Measuresoft ScadaPro Server and Client

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Server and Client Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Use After Free, Link Following. 2. RISK EVALUATION Successful exploitation of these...

Siemens SRCS VPN Feature in SIMATIC CP Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Elcomplus SmartPTT SCADA Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPTT SCADA Server Vulnerabilities: Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal,...

Siemens TIA Administrator

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATICS PCS neo Admin Console, SINTEPLAN, TIA Portal Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...

Schneider Electric Rack PDU (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 3 --------- CVSS v3 6.5 ATTENTION: Exploitable remotely --------- End Update A Part 1 of 3 --------- Vendor: Schneider Electric Equipment: Rack Power Distribution Unit PDU --------- Begin Update A Part 2 of 3 --------- Vulnerability:...

Cognex In-Sight OPC Server

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Cognex Equipment: In-Sight OPC Server Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker access to system...

Siemens XHQ Operations Intelligence

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: XHQ Operations Intelligence Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Basic XSS, SQL Injection, Relative Path Traversal,...

Eaton HMiSoft VU3

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Eaton Equipment: HMiSoft VU3 HMIVU3 runtime not impacted Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being...

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric Equipment: Communicator Vulnerabilities: Uncontrolled Search Path, Use of Hard-coded Credentials, Improper Access Controls 2. RISK EVALUATION Successful exploitation of these...

Omron CX-Programmer

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Programmer within CX-One Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the...

PHOENIX CONTACT RAD-80211-XD

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: RAD-80211-XD Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute system level commands...

ABB M2M ETHERNET

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious...

Siemens SPCanywhere App Vulnerabilities

OVERVIEW Karsten Sohr, Bernhard Berger, and Kai Hillmann from the TZI-Bremen, Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult, and Stefan Schuhmann have identified vulnerabilities in the Siemens SPCanywhere mobile application. Siemens has produced a new mobile application calle...

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Delta Electronics Delta Industrial Automation Screen Editor

CVSS v3 5.5 ATTENTION: Low skill level to exploit. Vendor: Delta Electronics, Incorporated Delta Electronics Equipment: Delta Industrial Automation Screen Editor Vulnerabilities: Stack-based Buffer Overflow, Use-after-Free, Out-of-bounds Write, Type Confusion AFFECTED PRODUCTS The following...

Trihedral Engineering Limited VTScada

CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Trihedral Engineering Limited Equipment: VTScada Vulnerabilities: Improper Access Control, Uncontrolled Search Path Element AFFECTED PRODUCTS Trihedral Engineering Limited reports that the vulnerability affects the following versions of t...

Fuji Electric Monitouch V-SFT

CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Stack-Based Buffer Overflow, Heap-Based Buffer Overflow, Improper Privilege Management AFFECTED PRODUCTS The following versions of Monitouch V-SFT, a screen...

BD Alaris 8015 PC Unit (Update B)

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: BD Alaris 8015 PC Unit Vulnerabilities: Insufficiently Protected Credentials, Security Features 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...