Rockwell Automation FactoryTalk Service Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Service Platform Vulnerability : Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability...

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Employ proper network segmentation. 3. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access...

Siemens COMOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Sielco Radio Link and Analog FM Transmitters

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Sielco Equipment : Analog FM Transmitters and Radio Link Vulnerabilities : Improper Access Control, Cross-Site Request Forgery, Privilege Defined with Unsafe...

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports Vulnerability :...

Hitachi Energy's RTU500 Series Product (UPDATE B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : RTU500 Series Vulnerabilities : Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...

Mitsubishi Electric Factory Automation Products

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Factory Automation FA Products Vulnerabilities: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious...

Siemens Mendix Forgot Password Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

VISAM VBASE Automation Base

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information from...

ABB Pulsar Plus Controller

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Pulsar Plus Controller Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by...

Siemens SISCO MMS-EASE Third Party Component

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SISCO MMS-EASE third party component Vulnerability : Resource Management Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to cause a...

Siemens Teamcenter

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-167-13 Siemens Teamcenter that was...

Siemens Simcenter Femap

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

FATEK Automation FvDesigner

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: FATEK Automation Equipment: FvDesigner Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Delta Electronics DOPSoft (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerabilities: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-182-03 Delta Electronics DOPSoft Update A that was...

JTEKT TOYOPUC PLC

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC PLC Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this...

Siemens and Milestone Siveillance Video Open Network Bridge

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens and Milestone Equipment: Siveillance Video Open Network Bridge ONVIF Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Rockwell Automation MicroLogix 1400 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: MicroLogix 1400 Vulnerability: Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-033-01 Rockwell Automation MicroLogix 1400 that...

Yokogawa CENTUM (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: CENTUM Vulnerabilities: Improper Authentication, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-224-01...

Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency CISA and the United Kingdom’s National Cyber Security Centre NCSC. CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attach...

Critical Vulnerability in SAP NetWeaver AS Java

Summary On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server AS Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer...

Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G516E series, and EDS-510E series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...

Siemens SIMATIC CP 1543-1

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC CP 1543-1 Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Siemens EN100 Ethernet Module (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2. UPDATE...

BD Pyxis (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: Pyxis Vulnerability: Session Fixation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-248-01 BD Pyxis...

OSIsoft PI Web API

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: OSIsoft LLC Equipment: OSIsoft PI Web API Vulnerabilities: Inclusion of Sensitive Information in Log Files, Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow direct...

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution...

Schneider Electric IIoT Monitor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IIoT Monitor --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE, Cryptographic Issues...

Crestron TSW-X60 and MC3

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Crestron Equipment: TSW-X60 and MC3 Vulnerabilities: OS Command Injections, Improper Access Control, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...

BD Kiestra and InoquIA Systems (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable from adjacent network Vendor : Becton, Dickinson and Company BD Equipment : BD Kiestra and InoqulA systems Vulnerabilities : Product UI does not Warn User of Unsafe Actions 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

Gemalto Sentinel License Manager

CVSS v3 9.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Gemalto Equipment: Sentinel License Manager Vulnerability: Null Pointer Dereference, Buffer Overflows, Improper Access Control AFFECTED PRODUCTS The following Sentinel License Manger services are affected: All HASP SR...

Rockwell Automation Stratix 5100 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

Siemens 7KT PAC1200 Data Manager

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: 7KT PAC1200 data manager Vulnerability: Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of the 7KT...

Siemens XHQ

CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: XHQ Vulnerability: Improper Access Control AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of the XHQ operations intelligence product line: XHQ 4: All version...

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities: Predictable Value Range from Previous Values; Reusing a Nonce, Key Pair in Encryption; Information Exposure; Improper Restriction ...

Eaton ePDU Path Traversal Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a path traversal vulnerability in certain legacy Eaton ePDUs. Although the affected products are past end-of-life EoL and is no longer supported, Eaton has provided defense-in-depth mitigation instructions to protect devices that are still...

Honeywell Experion PKS Improper Input Validation Vulnerability

OVERVIEW Honeywell reported a denial-of-service condition caused by an improper input validation vulnerability in Honeywell’s Experion Process Knowledge System PKS platform. Honeywell has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...

Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-050-01 Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities that was published February 19, 2015, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in its SIMATIC STEP 7 TIA Portal. Siemens...

Siemens SIMATIC HMI Devices Vulnerabilities (Update E)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-099-01D Siemens SIMATIC HMI Devices Vulnerabilities that was published September 10, 2015, on the NCCIC/ICS‑CERT web site. Siemens has identified three vulnerabilities in its SIMATIC HMI devices. These...

Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability

Overview Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has...

Monroe Electronics DASDEC Compromised Root SSH Key

OVERVIEW This advisory provides mitigation details for a vulnerability that impacts the Monroe Electronics DASDEC. Mike Davis, a researcher with IOActive, reported a compromised root SSH key vulnerability to CERT Coordination Center CERT/CC. This vulnerability is in Monroe Electronics DASDEC‑I an...

Siemens RUGGEDCOM APE 1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

#StopRansomware: Rhysida Ransomware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. 3. Segment networks to...

Phoenix Contact TC ROUTER and TC CLOUD CLIENT

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Phoenix Contact Equipment : TC ROUTER and TC CLOUD CLIENT Vulnerabilities : Cross-site Scripting, XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this...

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape, Cscape EnvisionRV Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read, Use After Free, Access of Uninitialized Pointer, Improper Restriction of Operations within the Bounds...

ProPump and Controls Osprey Pump Controller (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : ProPump and Controls, Inc. Equipment : Osprey Pump Controller Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use...