Rockwell Automation Stratix 5800 and Stratix 5200 (UPDATE A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity/known public exploitation Vendor : Rockwell Automation Equipment : Stratix 5800 and Stratix 5200 Vulnerabilities : Unprotected Alternate Channel, OS Command Injection 2. RISK EVALUATION Successful...

SDG PnPSCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...

BirdDog Cameras & Encoders

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: BirdDog Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Siemens OPC Foundation Local Discovery Server Affecting Siemens Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SCALANCE Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SINEC INS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing...

Circutor COMPACT DC-S BASIC

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Circutor Equipment: COMPACT DC-S BASIC Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition resulting in...

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability...

Automated Logic WebCTRL

1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Low attack complexity/exploitable remotely Vendor: Automated Logic is a part of Carrier Global Corporation Equipment: WebCtrl Server Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Siemens SIMATIC CP 1543-1 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1543-1 Vulnerability : Improper Input Validation, Improper Privilege Management 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-16-327-01 Siemens...

Siemens Energy PLUSCONTROL

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Energy Equipment: PLUSCONTROL Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Buffer Access with Incorrect Length Value, Integer Underflow, Improper Handling...

APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts...

Advantech WebAccess SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Cross-site Scripting XSS, Relative Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Siemens RUGGEDCOM ROX II

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: RUGGEDCOM ROX IIB Vulnerabilities: Improper Input Validation, NULL Pointer Dereference, Out-of-Bounds Write, Insufficient Verification of Data Authenticity, Improper Certificate...

Siemens Desigo CC

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment : Desigo CC Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with...

Secomea GateManager

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Secomea Equipment: GateManager Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient...

Siemens SIMATIC, SINAMICS (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINAMICS Vulnerabilities: Uncontrolled Search Path Element, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-05...

Siemens XHQ Operations Intelligence

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: XHQ Operations Intelligence Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script-Related HTML Tags in a Web Page, Improper Input Validation 2. RISK...

ICSA-19-253-02 Siemens SINETPLAN

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Siemens Network Planner SINETPLAN Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure, code execution, and...

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Metasys Vulnerabilities: Reusing a Nonce, Key Pair in Encryption; Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could be leveraged by an...

Siemens LOGO! Soft Comfort (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: LOGO! Soft Comfort Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-134-03 Siemens LOGO! Soft...

Rockwell Automation PowerFlex 525 AC Drives

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: PowerFlex 525 AC Drives Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could result in resource exhaustion,...

ICSMA-18-240-01_Qualcomm Life Capsule

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Qualcomm Life Equipment: Capsule Datacaptor Terminal Server DTS Vulnerability: Code Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute...

Siemens Viewport for Web Office Portal

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Viewport for Web Office Portal Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following ViewPort for Web Office Portal products: ViewPort...

GE Multilin SR, UR, and URplus Protective Relays (Update B)

CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR, UR, and URplus Protective Relays Vulnerabilities: Weak Cryptography for Passwords UPDATED INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-117-01A GE...

ICSA-17-061-01_Eaton xComfort Ethernet Communication Interface

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Eaton Equipment: xComfort Ethernet Communication Interface Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of xComfort Ethernet Communication Interface ECI, a building automation system...

GE Intelligent Platforms Proficy Cimplicity Multiple Vulnerabilities

Overview This advisory provides mitigation details for multiple vulnerabilities that impact GE Intelligent Platforms Proficy HMI/SCADA—CIMPLICITY. General Electric GE has addressed two vulnerabilities in GE Intelligent Platforms Proficy HMI/SCADA—CIMPLICITY: a directory transversal vulnerability...

Emerson ROC800 Multiple Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...

Siemens Simatic HMI Authentication Vulnerabilities

Overview ICS-CERT is aware of a public report by independent security researchers Billy Rios and Terry McCorkle concerning authentication bypass vulnerabilities affecting Siemens SIMATIC HMI products which are supervisory control and data acquisition/human-machine interface SCADA/HMI products...

Siemens TIM 1531 IRC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Honeywell Equipment : Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities : Exposed Dangerous Method or Function, Absolute Path Traversal,...

Chirp Systems Chirp Access (Update C)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.3 ATTENTION : Low attack complexity Vendor : Chirp Systems Equipment : Chirp Access Vulnerability : Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to adjust the Beacon configuration...

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Actions to take today to mitigate cyber threats against Ivanti appliances: 1. Limit outbound internet connections from SSL VPN appliances to restrict access to required services. 2. Keep all operating systems and firmware up to date. 3. Limit SSL VPN connections to unprivileged accounts...

Sielco PolyEco FM Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Sielco Equipment : PolyEco1000 Vulnerabilities : Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control 2. RISK...

Rockwell Automation PanelView 800

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : PanelView 800 Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose...

PiiGAB M-Bus

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PiiGAB, Processinformation i Göteborg Aktiebolag Equipment: M-Bus SoftwarePack 900S Vulnerabilities: Code Injection, Improper Restriction of Excessive Authentication Attempts, Unprotected Transport of...

Siemens SCALANCE Switch Families

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Elcomplus SmartPTT SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPTT Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...

Baker Hughes Bently Nevada 3500

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada, a Baker Hughes subsidiary Equipment: 3500 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This advisory was originally posted to the...

Siemens SCALANCE and RUGGEDCOM Devices (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE and RUGGEDCOM Devices Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-068-03...

Yokogawa WideField3

1. EXECUTIVE SUMMARY CVSS v3 2.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: Main equipment Vulnerability: Buffer Copy Without Checking Size of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could terminate the program abnormally...

Rockwell Automation FactoryTalk View SE

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerabilities: Improper Input Validation, Improper Restriction of Operations Within The Bounds of a Memory Buffer, Permissions, Privileges, and...

SAE IT-systems FW-50 Remote Telemetry Unit (RTU)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SAE IT-systems Equipment: FW-50 Remote Telemetry Unit RTU Vulnerabilities: Cross-site Scripting, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...

GE Healthcare Ultrasound products (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION : low attack complexity Vendor : GE Healthcare Equipment : Ultrasound Products Vulnerability : Protection Mechanism Failure, Incorrect User Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...

ICSA-19-134-07 Siemens SCALANCE W1750D

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Command Injection, Information Exposure, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

NetComm Wireless 4G LTE Light Industrial M2M Router

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NetComm Wireless Equipment: 4G LTE Light Industrial M2M Router Vulnerabilities: Information Exposure, Cross-site Request Forgery, Cross-site Scripting, Information Exposure through Directory Listin...

ABB Panel Builder 800

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: ABB Equipment: Panel Builder 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This...

OSIsoft PI Web API

CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API Vulnerabilities: Permissions, Privileges, and Access Controls; Cross-site Scripting AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Web API products: PI...

Moxa OnCell G3100-HSPA Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell G3100-HSPA Series Vulnerabilities: Reliance on Cookies without Validation and Integrity Checking, Improper Handling of Length Parameter Inconsistency, NULL Pointer Dereference AFFECTED PRODUCTS...

Siemens Industrial Products (Update A)

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-339-01 Siemens Industrial Products that w...